feat(charts)!: Update Helm release redis to 19.5.3

[renovate]

This PR contains the following updates:

Package	Update	Change
redis (source)	major	17.3.5 -> 19.5.3

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

bitnami/charts (redis)

v19.5.3

• [bitnami/redis] Fix sentinel PDB condition (#​27080)

v19.5.2

• [bitnami/redis] Release 19.5.2 (#​27012)

v19.5.0

• [bitnami/redis] Enable PodDisruptionBudgets (#​26355) (4890ba6), closes #​26355

v19.4.0

• [bitnami/*] ci: 👷 Add tag and changelog support (#​25359) (91c707c), closes #​25359
• [bitnami/redis] feat: ✨ 🔒 Add warning when original images are replaced (#​26271) (8eed715), closes #​26271

v19.3.4

• [bitnami/redis] Release 19.3.4 updating components versions (#​26103) (e3e4772), closes #​26103

v19.3.3

• [bitnami/redis] Release 19.3.3 updating components versions (#​26073) (22a9c69), closes #​26073

v19.3.2

v19.3.1

v19.3.0

v19.2.0

v19.1.5

• [bitnami/redis] Release 19.1.5 updating components versions (#​25415) (16129d4), closes #​25415
• Replace VMware by Broadcom copyright text (#​25306) (a5e4bd0), closes #​25306

v19.1.4

v19.1.3

• Fix relabelling var scope in pod-monitor (#​25237) (17d9741), closes #​25237

v19.1.2

• [bitnami/redis] Release 19.1.2 updating components versions (#​25229) (81c381c), closes #​25229

v19.1.1

• [bitnami/redis] Release 19.1.1 (#​25209) (cd63f2d), closes #​25209

v19.1.0

• [bitnami/redis] Improve restart behavior in sentinel mode (#​25019) (18f1135), closes #​25019
• Update resourcesPreset comments (#​24467) (92e3e8a), closes #​24467

v19.0.2

• allow to set containerSecurityContext on kubectl container to fix issue e.g. with OpenShift (#​24730) (4fda65b), closes #​24730

v19.0.1

• [bitnami/redis] fix: 🐛 Set seLinuxOptions to {} (#​24555) (392851d), closes #​24555

v19.0.0

• [bitnami/redis] feat!: 🔒 💥 Improve security defaults (#​24282) (b4725cc), closes #​24282

v18.19.4

• [bitnami/redis] handling of deprecated relabellings (#​24506) (2de2898), closes #​24506

v18.19.3

• [bitnami/*] Reorder Chart sections (#​24455) (0cf4048), closes #​24455
• [bitnami/redis] Fix (r) and reg typos in README.md (#​24445) (fef29ff), closes #​24445
• [bitnami/redis] typofix in metric relabelings value (#​23859) (abed681), closes #​23859

v18.19.2

• [bitnami/redis] Fix wrong TLS port environment variable name in Sentinel scripts (#​24188) (e76f135), closes #​24188

v18.19.1

• [bitnami/redis] Release 18.19.1 updating components versions (#​24300) (f851e9f), closes #​24300

v18.19.0

• [bitname/redis] Redis sentinel master service (#​21913) (9186bd9), closes #​21913

v18.18.1

• Fix typo in usePasswordFiles variable name (#​24256) (69db9d6), closes #​24256

v18.18.0

• [bitnami/redis] feat: ✨ 🔒 Add automatic adaptation for Openshift restricted-v2 SCC (#​2 (063463f), closes #​24149

v18.17.1

• [bitnami/redis] Fix ordering of annotations (#​23972) (03f66cf), closes #​23972

v18.17.0

• [bitnami/redis] Allow no secret with password (#​23886) (d8c34d6), closes #​23886

v18.16.1

• [bitnami/redis] Release 18.16.1 updating components versions (#​23826) (7c8d50f), closes #​23826

v18.16.0

• [bitnami/redis] feat: ✨ 🔒 Add readOnlyRootFilesystem support (#​23622) (3054892), closes #​23622

v18.15.1

• [bitnami/redis] Release 18.15.1 updating components versions (#​23692) (f2f9358), closes #​23692

v18.14.0

• [bitnami/redis] feat: ✨ 🔒 Add resource preset support (#​23516) (b18b776), closes #​23516

v18.13.0

• [bitnami/redis] - add missing fields in service/pod monitor (#​22809) (4d174a3), closes #​22809

v18.12.1

• [bitnami/redis] Release 18.12.1 updating components versions (#​23137) (6f15fa9), closes #​23137

v18.12.0

• [bitnami/redis] fix: 🐛 Add allowExternalEgress to avoid breaking istio and fix metrics port (#​22 (2b78bee), closes #​22955

v18.11.1

• [bitnami/redis] Release 18.11.1 updating components versions (#​23008) (9672d37), closes #​23008

v18.11.0

• [bitnami/redis] feat: 🔒 Enable networkPolicy (#​22738) (f1c7b0d), closes #​22738

v18.10.0

• [bitnami/redis] Fix the PodMonitor implementation (#​22676) (3095a12), closes #​22676

v18.9.1

• fix(redis): fix standalone redis missing service account (#​22747) (bf435ef), closes #​22747

v18.9.0

• [bitnami/redis] - add support for additional-endpoints in service/pod monitor (#​22250) (259c9dd), closes #​22250

v18.8.3

• [bitnami/redis] Do not create master and replica serviceaccounts when using sentinel (#​22716) (13c6479), closes #​22716

v18.8.2

• [bitnami/redis] create service account when using sentinel and replication (#​22223) (3efd491), closes #​22223

v18.8.0

• [bitnami/redis] fix: 🔒 Move service-account token auto-mount to pod declaration (#​22455) (08679ba), closes #​22455

v18.7.1

• [bitnami/redis] Release 18.7.1 updating components versions (#​22336) (11d7707), closes #​22336

v18.7.0

• [bitnami/redis] fix: 🔒 Improve podSecurityContext and containerSecurityContext with essential s (2198b3f), closes #​22184

v18.6.4

• [bitnami/*] Fix ref links (in comments) (#​21822) (e4fa296), closes #​21822
• [bitnami/redis] fix: 🔒 Do not use the default service account (#​22028) (5fae3b4), closes #​22028

v18.6.3

• [bitnami/*] Fix docs.bitnami.com broken links (#​21901) (f35506d), closes #​21901
• [bitnami/redis] Release 18.6.3 updating components versions (#​21921) (3a51ea4), closes #​21921

v18.6.2

• [bitnami/*] Update copyright: Year and company (#​21815) (6c4bf75), closes #​21815
• [bitnami/redis] Use correct context to retrieve node ports for sentinel service (#​21830) (910d599), closes #​21830

v18.6.1

• [bitnami/redis] Release 18.6.1 updating components versions (#​21655) (816f235), closes #​21655

v18.6.0

• Add loadBalancerClass configuration to Redis service (#​21586) (ef28cdc), closes #​21586

v18.5.0

• [bitnami/*] Remove relative links to non-README sections, add verification for that and update TL;DR (1103633), closes #​20967
• bitnami/redis Add namespaceOverride capability to redis chart (#​21479) (98db876), closes #​21479
• Update readme-generator links (#​21043) (1581eba), closes #​21043

v18.4.0

• [bitnami/redis] Implementing an option to define masters as DaemonSets #​20939 (#​20939) (a53f6eb), closes #​20939 #​20939

v18.3.3

• [bitnami/redis] Increase sentinel master retry sleep time to 5s (#​20612) (0140f33), closes #​20612

v18.3.2

• [bitnami/redis] Release 18.3.2 updating components versions (#​20872) (6693b83), closes #​20872

v18.3.1

• [bitnami/redis] Replace deprecated pull secret partial (#​20666) (e03531b), closes #​20666

v18.3.0

• [bitnami/redis] Implementing an option to define replicas as Daemonsets (#​20003) (9237563), closes #​20003

v18.2.2

• [bitnami/redis] Release 18.2.2 updating components versions (#​20784) (e61f423), closes #​20784

v18.2.1

• [bitnami/redis] Release 18.2.1 updating components versions (#​20625) (6228abc), closes #​20625

v18.2.0

• [bitnami/*] Rename VMware Application Catalog (#​20361) (3acc734), closes #​20361
• [bitnami/*] Skip image's tag in the README files of the Bitnami Charts (#​19841) (bb9a01b), closes #​19841
• [bitnami/*] Standardize documentation (#​19835) (af5f753), closes #​19835
• [bitnami/redis] - Add support for PodMonitor (#​20409) (0d40a6c), closes #​20409

v18.1.6

• [bitnami/redis] Release 18.1.6 (#​20324) (9f486b3), closes #​20324

v18.1.5

• [bitnami/redis] Release 18.1.5 (#​20171) (fda443a), closes #​20171

v18.1.4

• [bitnami/redis] Support persistentVolumeClaimRetentionPolicy for redis (#​19689) (5658fa8), closes #​19689

v18.1.3

• [bitnami/*] Update Helm charts prerequisites (#​19745) (eb755dd), closes #​19745
• [bitnami/redis] Release 18.1.3 (#​19831) (88ae1d4), closes #​19831

v18.1.2

• [bitnami/redis] Use common capabilities for PSP (#​19639) (9c636a3), closes #​19639

v18.1.1

• [bitnami/redis] add kind & apiVersion for pvc template in statefulset (#​19484) (56fb647), closes #​19484

v18.1.0

• [bitnami/redis] add customization of metrics networkpolicy (#​19468) (153184f), closes #​19468
• Autogenerate schema files (#​19194) (a2c2090), closes #​19194
• Revert "Autogenerate schema files (#​19194)" (#​19335) (73d80be), closes #​19194 #​19335

v18.0.4

• [bitnami/redis] Release 18.0.4 (#​19153) (2cc47e7), closes #​19153

v18.0.2

• [bitnami/redis] expose service binding with correct uri (#​18922) (5c7fed5), closes #​18922

v18.0.1

• [bitnami/redis] test: ✅ Add persistence tests (#​18813) (3e580e2), closes #​18813
• [bitnami/redis] Update upgrading notes for version 18.x.x (#​18891) (d9aa73d), closes #​18891

v18.0.0

• [bitnami/redis] Release 18.0.0 (#​18874) (cc5eb96), closes #​18874

v17.17.1

• [bitnami/redis] Release 17.17.1 (#​18862) (b2beb14), closes #​18862

v17.17.0

• [bitnami/redis] Support enableServiceLinks (#​18779) (c72422d), closes #​18779

v17.16.0

• [bitnami/redis] Support for customizing standard labels (#​18418) (e3c2335), closes #​18418

v17.15.6

• [bitnami/redis] Release 17.15.6 (#​18713) (e6ea66e), closes #​18713

v17.15.5

• [bitnami/redis] Release 17.15.5 (#​18589) (cbef828), closes #​18589

v17.15.4

• [bitnami/redis] Release 17.15.4 (#​18431) (e912de6), closes #​18431

v17.15.2

• [bitnami/redis] Define missing HEADLESS_SERVICE for start-replica.sh (#​18312) (a95bc61), closes #​18312

v17.15.1

• [bitnami/redis] fix redis sentinel start up (#​18321) (71a2db0), closes #​18321

v17.15.0

• [bitnami/redis] checksum only data part of ConfigMap/Secret (#​17579) (de01284), closes #​17579

v17.14.6

• [bitnami/redis] retry when get master info failed (#​18228) (429ed7f), closes #​18228

v17.14.5

• [bitnami/redis] fix redis sentinel start up (#​17932) (13a5749), closes #​17932

v17.14.4

• [bitnami/redis] Release 17.14.4 (#​18129) (cdb6e00), closes #​18129

v17.14.3

• [bitnami/redis] Release 17.14.3 (#​18021) (f094056), closes #​18021

v17.14.2

• [bitnami/redis] Release 17.14.2 (#​17958) (472b8af), closes #​17958

v17.14.1

• [bitnami/redis] Allow templatable values for .Values.auth.existingSecretPasswordKey (#​17723) (344db98), closes #​17723

v17.14.0

• [bitnami/redis] Try to seed redis with pss-restricted (#​17237) (d542b49), closes #​17237

v17.13.2

• [bitnami/redis] Release 17.13.2 (#​17720) (df883f2), closes #​17720

v17.13.1

• [bitnami/redis] Release 17.13.1 (#​17713) (3ed0eb6), closes #​17713

v17.13.0

• [bitnami/redis] add sampleLimit and targetLimit for redis chart (#​17587) (ea241c0), closes #​17587

v17.12.0

• [bitnami/redis] don't include @ for unauthenticated URI (#​17493) (1713a0f), closes #​17493
• Use os-shell in tempate and Jaeger runtime params (#​17557) (91a49eb), closes #​17557

v17.11.8

• [bitnami/redis] Release 17.11.8 (#​17545) (e6061e4), closes #​17545

v17.11.7

• [bitnami/redis] Add missing apiVersion and kind to redis volumeClaimTemplates (#​17466) (4d1ee86), closes #​17466
• Add copyright header (#​17300) (da68be8), closes #​17300
• Update charts readme (#​17217) (31b3c0a), closes #​17217

v17.11.6

• [bitnami/redis] Add automountServiceAccountToken in pod specs (#​17175) (d42df30), closes #​17175

v17.11.5

• [bitnami/redis] Release 17.11.5 (#​17122) (86fea96), closes #​17122

v17.11.4

• [bitnami/*] Change copyright section in READMEs (#​17006) (ef986a1), closes #​17006
• [bitnami/redis] Modify Sentinel liveness Probe timeout to not restart during tilt-mode (#​17103) (15d4417), closes #​17103
• [bitnami/several] Change copyright section in READMEs (#​16989) (5b6a5cf), closes #​16989

v17.11.3

• [bitnami/redis] Release 17.11.3 (#​16788) (0831617), closes #​16788

v17.11.2

• [bitnami/redis] add support for headless metrics service (#​16545) (4b79ebe), closes #​16545

v17.11.1

• Add wording for enterprise page (#​16560) (8f22774), closes #​16560
• Fix PVC labeling for bitnami/redis Helm chart (#​16678) (277efc3), closes #​16678

v17.10.3

• [bitnami/redis] Release 17.10.3 (#​16495) (52238da), closes #​16495

v17.10.2

• [bitnami/redis] Fix replica-announce-ip wrong number of arguments whe… (#​16234) (b63df9d), closes #​16234

v17.10.1

• redis chart: sort alphabetically hpa metrics, fixes #​16198 (#​16199) (0f3be36), closes #​16198 #​16199 #​16198

v17.9.5

• [bitnami/redis] Release 17.9.5 (#​16099) (b449511), closes #​16099

v17.9.4

• [bitnami/redis] Add notes about RDB compatibility in upgrades (#​15737) (5b8193e), closes #​15737
• [bitnami/redis] upgrade redis-exporter (#​16036) (a67e6c4), closes #​16036

v17.9.3

• [bitnami/redis] Release 17.9.3 (#​15894) (0ceacff), closes #​15894

v17.9.2

• [bitnami/redis] Release 17.9.2 (#​15719) (ab7a23f), closes #​15719

v17.9.1

• [bitnami/redis] Add support for Sentinel resource annotations (#​15652) (47fadd1), closes #​15652
• [bitnami/redis] Fix wrong password given in service bindings (#​15672) (bc2d03c), closes #​15672

v17.9.0

• [bitnami/redis] Add support for service.headless.annotations (#​15441) (cec500e), closes #​15441

v17.8.7

• [bitnami/redis] Release 17.8.7 (#​15642) (4e62884), closes #​15642

v17.8.6

• [bitnami/redis] Release 17.8.6 (#​15602) (5c241dc), closes #​15602

v17.8.5

• Use existingSecretPasswordKey instead of hardcoded value (#​15490) (33ab645), closes #​15490

v17.8.4

• [bitnami/charts] Apply linter to README files (#​15357) (0e29e60), closes #​15357
• [bitnami/redis] minReadySeconds feature only requires k8s >=1.23 (#​15417) (a748281), closes #​15417 #​13783

v17.8.3

• [bitnami/redis] add PVC labels (#​15353) (7109c7b), closes #​15353

v17.8.2

• [bitnami/redis] Release 17.8.2 (#​15284) (bca8bc7), closes #​15284
• [bitnami/redis] Use SIGTERM on timeout for probes (#​15057) (6ab7b61), closes #​15057

v17.8.1

• [bitnami/redis] Release 17.8.1 (#​15183) (0b73498), closes #​15183

v17.8.0

• [bitnami/redis] feat: ✨ Add ServiceBinding-compatible secrets (#​14906) (20196ce), closes #​14906
• [bitnami/redis] Fix missing metrics.command key (#​15066) (52a754d), closes #​15066

v17.7.6

• [bitnami/redis] Release 17.7.6 (#​15074) (61309d1), closes #​15074

v17.7.5

• [bitnami/*] Fix markdown linter issues 2 (#​14890) (aa96572), closes #​14890
• [bitnami/redis] Release 17.7.5 (#​15014) (8a86a04), closes #​15014

v17.7.4

• [bitnami/*] Fix markdown linter issues (#​14874) (a51e0e8), closes #​14874
• [bitnami/redis] Release 17.7.4 (#​14898) (9d615e7), closes #​14898

v17.7.3

• [bitnami/redis] Add commonLabels also to pods: master, replicas, sentinel (#​14244) (529e070), closes #​14244

v17.7.2

• [bitnami/redis] fix wrong propagation of loadBalancerSourceRanges (#​14728) (db79cb9), closes #​14728

v17.7.1

• [bitnami/redis] Don't regenerate self-signed certs on upgrade (#​14655) (9c8766a), closes #​14655

v17.6.0

• [bitnami/redis] make emptyDir sizeLimit work everywhere (#​14399) (6d8e53a), closes #​14399

v17.5.1

• [bitnami/*] Unify READMEs (#​14472) (2064fb8), closes #​14472
• [bitnami/redis] Fix missing Helm value rendering for metrics container probes (#​14473) (829caf3), closes #​14473 #​14420

v17.5.0

• [bitnami/redis] add probes for metrics container (#​14420) (8410bf9), closes #​14420

v17.4.3

• [bitnami/*] Add license annotation and remove obsolete engine parameter (#​14293) (da2a794), closes #​14293
• [bitnami/*] Change licenses annotation format (#​14377) (0ab7608), closes #​14377
• [bitnami/redis] Release 17.4.3 (#​14388) (9d6b54d), closes #​14388

v17.4.2

• [bitnami/redis] Sentinel deployment: Fix Failover at gracef

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[github-actions]

Path: cluster/core/databases/redis/helm-release.yaml
Version: 17.3.5 -> 19.0.0

@@ -1,14 +1,42 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
 metadata:
   name: redis
   namespace: "default"
   labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: redis
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+  policyTypes:
+    - Ingress
+    - Egress
+  egress:
+    - {}
+  ingress:
+    # Allow inbound connections
+    - ports:
+        - port: 6379
+    # Allow prometheus scrapes for metrics
+    - ports:
+        - port: 9121
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/secret.yaml
 apiVersion: v1
@@ -17,9 +45,9 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 type: Opaque
 data:
   redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
@@ -31,9 +59,9 @@
   name: redis-configuration
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   redis.conf: |-
     # User-supplied common configuration:
@@ -62,9 +90,9 @@
   name: redis-health
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   ping_readiness_local.sh: |-
     #!/bin/bash
@@ -72,7 +100,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -92,7 +120,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -113,7 +141,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +161,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +196,9 @@
   name: redis-scripts
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   start-master.sh: |
     #!/bin/bash
@@ -196,10 +224,9 @@
   name: redis-headless
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
-  annotations:
+    app.kubernetes.io/name: redis
 spec:
   type: ClusterIP
   clusterIP: None
@@ -208,8 +235,8 @@
       port: 6379
       targetPort: redis
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/service.yaml
 apiVersion: v1
@@ -218,9 +245,9 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   type: ClusterIP
@@ -232,8 +259,8 @@
       targetPort: redis
       nodePort: null
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 ---
 # Source: redis/templates/metrics-svc.yaml
@@ -243,9 +270,9 @@
   name: redis-metrics
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: metrics
 spec:
   type: ClusterIP
@@ -255,8 +282,8 @@
       protocol: TCP
       targetPort: metrics
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/application.yaml
 apiVersion: apps/v1
@@ -265,39 +292,42 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   replicas: 1
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: master
   serviceName: redis-headless
   updateStrategy:
-    rollingUpdate: {}
     type: RollingUpdate
   template:
     metadata:
       labels:
-        app.kubernetes.io/name: redis
         app.kubernetes.io/instance: redis
         app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: redis
         app.kubernetes.io/component: master
       annotations:
-        checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
-        checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
-        checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
-        checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+        checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+        checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+        checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+        checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
         prometheus.io/port: "9121"
         prometheus.io/scrape: "true"
     spec:
       securityContext:
         fsGroup: 1001
-      serviceAccountName: redis
+        fsGroupChangePolicy: Always
+        supplementalGroups: []
+        sysctls: []
+      serviceAccountName: redis-master
+      automountServiceAccountToken: false
       affinity:
         podAffinity:
         podAntiAffinity:
@@ -305,21 +335,30 @@
             - podAffinityTerm:
                 labelSelector:
                   matchLabels:
-                    app.kubernetes.io/name: redis
                     app.kubernetes.io/instance: redis
+                    app.kubernetes.io/name: redis
                     app.kubernetes.io/component: master
-                namespaces:
-                  - "default"
                 topologyKey: kubernetes.io/hostname
               weight: 1
         nodeAffinity:
+      enableServiceLinks: true
       terminationGracePeriodSeconds: 30
       containers:
         - name: redis
-          image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+          image: docker.io/bitnami/redis:7.2.4-debian-12-r9
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: null
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
           args:
@@ -368,8 +407,14 @@
                 - -c
                 - /health/ping_readiness_local.sh 1
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
             - name: start-scripts
               mountPath: /opt/bitnami/scripts/start-scripts
@@ -377,18 +422,29 @@
               mountPath: /health
             - name: redis-data
               mountPath: /data
-              subPath:
             - name: config
               mountPath: /opt/bitnami/redis/mounted-etc
-            - name: redis-tmp-conf
+            - name: empty-dir
               mountPath: /opt/bitnami/redis/etc/
-            - name: tmp
+              subPath: app-conf-dir
+            - name: empty-dir
               mountPath: /tmp
+              subPath: tmp-dir
         - name: metrics
-          image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+          image: docker.io/bitnami/redis-exporter:1.58.0-debian-12-r4
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: null
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
             - -c
@@ -400,6 +456,8 @@
           env:
             - name: REDIS_ALIAS
               value: redis
+            - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+              value: :9121
             - name: REDIS_USER
               value: default
             - name: REDIS_PASSWORD
@@ -410,10 +468,36 @@
           ports:
             - name: metrics
               containerPort: 9121
+          livenessProbe:
+            failureThreshold: 5
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+            tcpSocket:
+              port: metrics
+          readinessProbe:
+            failureThreshold: 3
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+            httpGet:
+              path: /
+              port: metrics
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: app-tmp-dir
       volumes:
         - name: start-scripts
           configMap:
@@ -426,9 +510,7 @@
         - name: config
           configMap:
             name: redis-configuration
-        - name: redis-tmp-conf
-          emptyDir: {}
-        - name: tmp
+        - name: empty-dir
           emptyDir: {}
         - name: redis-data
           persistentVolumeClaim:
@@ -441,18 +523,18 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 spec:
   endpoints:
     - port: http-metrics
       interval: 30s
   namespaceSelector:
     matchNames:
-      - default
+      - "default"
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: metrics

[github-actions]

Path: cluster/core/databases/redis/helm-release.yaml
Version: 17.3.5 -> 19.0.1

@@ -1,14 +1,42 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
 metadata:
   name: redis
   namespace: "default"
   labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: redis
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+  policyTypes:
+    - Ingress
+    - Egress
+  egress:
+    - {}
+  ingress:
+    # Allow inbound connections
+    - ports:
+        - port: 6379
+    # Allow prometheus scrapes for metrics
+    - ports:
+        - port: 9121
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/secret.yaml
 apiVersion: v1
@@ -17,9 +45,9 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 type: Opaque
 data:
   redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
@@ -31,9 +59,9 @@
   name: redis-configuration
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   redis.conf: |-
     # User-supplied common configuration:
@@ -62,9 +90,9 @@
   name: redis-health
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   ping_readiness_local.sh: |-
     #!/bin/bash
@@ -72,7 +100,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -92,7 +120,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -113,7 +141,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +161,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +196,9 @@
   name: redis-scripts
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   start-master.sh: |
     #!/bin/bash
@@ -196,10 +224,9 @@
   name: redis-headless
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
-  annotations:
+    app.kubernetes.io/name: redis
 spec:
   type: ClusterIP
   clusterIP: None
@@ -208,8 +235,8 @@
       port: 6379
       targetPort: redis
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/service.yaml
 apiVersion: v1
@@ -218,9 +245,9 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   type: ClusterIP
@@ -232,8 +259,8 @@
       targetPort: redis
       nodePort: null
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 ---
 # Source: redis/templates/metrics-svc.yaml
@@ -243,9 +270,9 @@
   name: redis-metrics
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: metrics
 spec:
   type: ClusterIP
@@ -255,8 +282,8 @@
       protocol: TCP
       targetPort: metrics
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/application.yaml
 apiVersion: apps/v1
@@ -265,39 +292,42 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   replicas: 1
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: master
   serviceName: redis-headless
   updateStrategy:
-    rollingUpdate: {}
     type: RollingUpdate
   template:
     metadata:
       labels:
-        app.kubernetes.io/name: redis
         app.kubernetes.io/instance: redis
         app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: redis
         app.kubernetes.io/component: master
       annotations:
-        checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
-        checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
-        checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
-        checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+        checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+        checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+        checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+        checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
         prometheus.io/port: "9121"
         prometheus.io/scrape: "true"
     spec:
       securityContext:
         fsGroup: 1001
-      serviceAccountName: redis
+        fsGroupChangePolicy: Always
+        supplementalGroups: []
+        sysctls: []
+      serviceAccountName: redis-master
+      automountServiceAccountToken: false
       affinity:
         podAffinity:
         podAntiAffinity:
@@ -305,21 +335,30 @@
             - podAffinityTerm:
                 labelSelector:
                   matchLabels:
-                    app.kubernetes.io/name: redis
                     app.kubernetes.io/instance: redis
+                    app.kubernetes.io/name: redis
                     app.kubernetes.io/component: master
-                namespaces:
-                  - "default"
                 topologyKey: kubernetes.io/hostname
               weight: 1
         nodeAffinity:
+      enableServiceLinks: true
       terminationGracePeriodSeconds: 30
       containers:
         - name: redis
-          image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+          image: docker.io/bitnami/redis:7.2.4-debian-12-r9
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
           args:
@@ -368,8 +407,14 @@
                 - -c
                 - /health/ping_readiness_local.sh 1
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
             - name: start-scripts
               mountPath: /opt/bitnami/scripts/start-scripts
@@ -377,18 +422,29 @@
               mountPath: /health
             - name: redis-data
               mountPath: /data
-              subPath:
             - name: config
               mountPath: /opt/bitnami/redis/mounted-etc
-            - name: redis-tmp-conf
+            - name: empty-dir
               mountPath: /opt/bitnami/redis/etc/
-            - name: tmp
+              subPath: app-conf-dir
+            - name: empty-dir
               mountPath: /tmp
+              subPath: tmp-dir
         - name: metrics
-          image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+          image: docker.io/bitnami/redis-exporter:1.58.0-debian-12-r4
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
             - -c
@@ -400,6 +456,8 @@
           env:
             - name: REDIS_ALIAS
               value: redis
+            - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+              value: :9121
             - name: REDIS_USER
               value: default
             - name: REDIS_PASSWORD
@@ -410,10 +468,36 @@
           ports:
             - name: metrics
               containerPort: 9121
+          livenessProbe:
+            failureThreshold: 5
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+            tcpSocket:
+              port: metrics
+          readinessProbe:
+            failureThreshold: 3
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+            httpGet:
+              path: /
+              port: metrics
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: app-tmp-dir
       volumes:
         - name: start-scripts
           configMap:
@@ -426,9 +510,7 @@
         - name: config
           configMap:
             name: redis-configuration
-        - name: redis-tmp-conf
-          emptyDir: {}
-        - name: tmp
+        - name: empty-dir
           emptyDir: {}
         - name: redis-data
           persistentVolumeClaim:
@@ -441,18 +523,18 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 spec:
   endpoints:
     - port: http-metrics
       interval: 30s
   namespaceSelector:
     matchNames:
-      - default
+      - "default"
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: metrics

[github-actions]

Path: cluster/core/databases/redis/helm-release.yaml
Version: 17.3.5 -> 19.0.2

@@ -1,14 +1,42 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
 metadata:
   name: redis
   namespace: "default"
   labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: redis
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+  policyTypes:
+    - Ingress
+    - Egress
+  egress:
+    - {}
+  ingress:
+    # Allow inbound connections
+    - ports:
+        - port: 6379
+    # Allow prometheus scrapes for metrics
+    - ports:
+        - port: 9121
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/secret.yaml
 apiVersion: v1
@@ -17,9 +45,9 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 type: Opaque
 data:
   redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
@@ -31,9 +59,9 @@
   name: redis-configuration
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   redis.conf: |-
     # User-supplied common configuration:
@@ -62,9 +90,9 @@
   name: redis-health
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   ping_readiness_local.sh: |-
     #!/bin/bash
@@ -72,7 +100,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -92,7 +120,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -113,7 +141,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +161,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +196,9 @@
   name: redis-scripts
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   start-master.sh: |
     #!/bin/bash
@@ -196,10 +224,9 @@
   name: redis-headless
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
-  annotations:
+    app.kubernetes.io/name: redis
 spec:
   type: ClusterIP
   clusterIP: None
@@ -208,8 +235,8 @@
       port: 6379
       targetPort: redis
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/service.yaml
 apiVersion: v1
@@ -218,9 +245,9 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   type: ClusterIP
@@ -232,8 +259,8 @@
       targetPort: redis
       nodePort: null
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 ---
 # Source: redis/templates/metrics-svc.yaml
@@ -243,9 +270,9 @@
   name: redis-metrics
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: metrics
 spec:
   type: ClusterIP
@@ -255,8 +282,8 @@
       protocol: TCP
       targetPort: metrics
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/application.yaml
 apiVersion: apps/v1
@@ -265,39 +292,42 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   replicas: 1
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: master
   serviceName: redis-headless
   updateStrategy:
-    rollingUpdate: {}
     type: RollingUpdate
   template:
     metadata:
       labels:
-        app.kubernetes.io/name: redis
         app.kubernetes.io/instance: redis
         app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: redis
         app.kubernetes.io/component: master
       annotations:
-        checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
-        checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
-        checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
-        checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+        checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+        checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+        checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+        checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
         prometheus.io/port: "9121"
         prometheus.io/scrape: "true"
     spec:
       securityContext:
         fsGroup: 1001
-      serviceAccountName: redis
+        fsGroupChangePolicy: Always
+        supplementalGroups: []
+        sysctls: []
+      serviceAccountName: redis-master
+      automountServiceAccountToken: false
       affinity:
         podAffinity:
         podAntiAffinity:
@@ -305,21 +335,30 @@
             - podAffinityTerm:
                 labelSelector:
                   matchLabels:
-                    app.kubernetes.io/name: redis
                     app.kubernetes.io/instance: redis
+                    app.kubernetes.io/name: redis
                     app.kubernetes.io/component: master
-                namespaces:
-                  - "default"
                 topologyKey: kubernetes.io/hostname
               weight: 1
         nodeAffinity:
+      enableServiceLinks: true
       terminationGracePeriodSeconds: 30
       containers:
         - name: redis
-          image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+          image: docker.io/bitnami/redis:7.2.4-debian-12-r9
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
           args:
@@ -368,8 +407,14 @@
                 - -c
                 - /health/ping_readiness_local.sh 1
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
             - name: start-scripts
               mountPath: /opt/bitnami/scripts/start-scripts
@@ -377,18 +422,29 @@
               mountPath: /health
             - name: redis-data
               mountPath: /data
-              subPath:
             - name: config
               mountPath: /opt/bitnami/redis/mounted-etc
-            - name: redis-tmp-conf
+            - name: empty-dir
               mountPath: /opt/bitnami/redis/etc/
-            - name: tmp
+              subPath: app-conf-dir
+            - name: empty-dir
               mountPath: /tmp
+              subPath: tmp-dir
         - name: metrics
-          image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+          image: docker.io/bitnami/redis-exporter:1.58.0-debian-12-r4
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
             - -c
@@ -400,6 +456,8 @@
           env:
             - name: REDIS_ALIAS
               value: redis
+            - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+              value: :9121
             - name: REDIS_USER
               value: default
             - name: REDIS_PASSWORD
@@ -410,10 +468,36 @@
           ports:
             - name: metrics
               containerPort: 9121
+          livenessProbe:
+            failureThreshold: 5
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+            tcpSocket:
+              port: metrics
+          readinessProbe:
+            failureThreshold: 3
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+            httpGet:
+              path: /
+              port: metrics
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: app-tmp-dir
       volumes:
         - name: start-scripts
           configMap:
@@ -426,9 +510,7 @@
         - name: config
           configMap:
             name: redis-configuration
-        - name: redis-tmp-conf
-          emptyDir: {}
-        - name: tmp
+        - name: empty-dir
           emptyDir: {}
         - name: redis-data
           persistentVolumeClaim:
@@ -441,18 +523,18 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 spec:
   endpoints:
     - port: http-metrics
       interval: 30s
   namespaceSelector:
     matchNames:
-      - default
+      - "default"
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: metrics

[github-actions]

Path: cluster/core/databases/redis/helm-release.yaml
Version: 17.3.5 -> 19.1.0

@@ -1,14 +1,42 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
 metadata:
   name: redis
   namespace: "default"
   labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: redis
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+  policyTypes:
+    - Ingress
+    - Egress
+  egress:
+    - {}
+  ingress:
+    # Allow inbound connections
+    - ports:
+        - port: 6379
+    # Allow prometheus scrapes for metrics
+    - ports:
+        - port: 9121
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/secret.yaml
 apiVersion: v1
@@ -17,9 +45,9 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 type: Opaque
 data:
   redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
@@ -31,9 +59,9 @@
   name: redis-configuration
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   redis.conf: |-
     # User-supplied common configuration:
@@ -62,9 +90,9 @@
   name: redis-health
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   ping_readiness_local.sh: |-
     #!/bin/bash
@@ -72,7 +100,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -92,7 +120,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -113,7 +141,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +161,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +196,9 @@
   name: redis-scripts
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   start-master.sh: |
     #!/bin/bash
@@ -196,10 +224,9 @@
   name: redis-headless
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
-  annotations:
+    app.kubernetes.io/name: redis
 spec:
   type: ClusterIP
   clusterIP: None
@@ -208,8 +235,8 @@
       port: 6379
       targetPort: redis
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/service.yaml
 apiVersion: v1
@@ -218,9 +245,9 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   type: ClusterIP
@@ -232,8 +259,8 @@
       targetPort: redis
       nodePort: null
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 ---
 # Source: redis/templates/metrics-svc.yaml
@@ -243,9 +270,9 @@
   name: redis-metrics
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: metrics
 spec:
   type: ClusterIP
@@ -255,8 +282,8 @@
       protocol: TCP
       targetPort: metrics
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/application.yaml
 apiVersion: apps/v1
@@ -265,39 +292,42 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   replicas: 1
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: master
   serviceName: redis-headless
   updateStrategy:
-    rollingUpdate: {}
     type: RollingUpdate
   template:
     metadata:
       labels:
-        app.kubernetes.io/name: redis
         app.kubernetes.io/instance: redis
         app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: redis
         app.kubernetes.io/component: master
       annotations:
-        checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
-        checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
-        checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
-        checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+        checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+        checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+        checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+        checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
         prometheus.io/port: "9121"
         prometheus.io/scrape: "true"
     spec:
       securityContext:
         fsGroup: 1001
-      serviceAccountName: redis
+        fsGroupChangePolicy: Always
+        supplementalGroups: []
+        sysctls: []
+      serviceAccountName: redis-master
+      automountServiceAccountToken: false
       affinity:
         podAffinity:
         podAntiAffinity:
@@ -305,21 +335,30 @@
             - podAffinityTerm:
                 labelSelector:
                   matchLabels:
-                    app.kubernetes.io/name: redis
                     app.kubernetes.io/instance: redis
+                    app.kubernetes.io/name: redis
                     app.kubernetes.io/component: master
-                namespaces:
-                  - "default"
                 topologyKey: kubernetes.io/hostname
               weight: 1
         nodeAffinity:
+      enableServiceLinks: true
       terminationGracePeriodSeconds: 30
       containers:
         - name: redis
-          image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+          image: docker.io/bitnami/redis:7.2.4-debian-12-r9
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
           args:
@@ -368,8 +407,14 @@
                 - -c
                 - /health/ping_readiness_local.sh 1
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
             - name: start-scripts
               mountPath: /opt/bitnami/scripts/start-scripts
@@ -377,18 +422,29 @@
               mountPath: /health
             - name: redis-data
               mountPath: /data
-              subPath:
             - name: config
               mountPath: /opt/bitnami/redis/mounted-etc
-            - name: redis-tmp-conf
+            - name: empty-dir
               mountPath: /opt/bitnami/redis/etc/
-            - name: tmp
+              subPath: app-conf-dir
+            - name: empty-dir
               mountPath: /tmp
+              subPath: tmp-dir
         - name: metrics
-          image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+          image: docker.io/bitnami/redis-exporter:1.58.0-debian-12-r4
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
             - -c
@@ -400,6 +456,8 @@
           env:
             - name: REDIS_ALIAS
               value: redis
+            - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+              value: :9121
             - name: REDIS_USER
               value: default
             - name: REDIS_PASSWORD
@@ -410,10 +468,36 @@
           ports:
             - name: metrics
               containerPort: 9121
+          livenessProbe:
+            failureThreshold: 5
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+            tcpSocket:
+              port: metrics
+          readinessProbe:
+            failureThreshold: 3
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+            httpGet:
+              path: /
+              port: metrics
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: app-tmp-dir
       volumes:
         - name: start-scripts
           configMap:
@@ -426,9 +510,7 @@
         - name: config
           configMap:
             name: redis-configuration
-        - name: redis-tmp-conf
-          emptyDir: {}
-        - name: tmp
+        - name: empty-dir
           emptyDir: {}
         - name: redis-data
           persistentVolumeClaim:
@@ -441,18 +523,18 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 spec:
   endpoints:
     - port: http-metrics
       interval: 30s
   namespaceSelector:
     matchNames:
-      - default
+      - "default"
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: metrics

[github-actions]

Path: cluster/core/databases/redis/helm-release.yaml
Version: 17.3.5 -> 19.1.1

@@ -1,14 +1,42 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
 metadata:
   name: redis
   namespace: "default"
   labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: redis
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+  policyTypes:
+    - Ingress
+    - Egress
+  egress:
+    - {}
+  ingress:
+    # Allow inbound connections
+    - ports:
+        - port: 6379
+    # Allow prometheus scrapes for metrics
+    - ports:
+        - port: 9121
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/secret.yaml
 apiVersion: v1
@@ -17,9 +45,9 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 type: Opaque
 data:
   redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
@@ -31,9 +59,9 @@
   name: redis-configuration
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   redis.conf: |-
     # User-supplied common configuration:
@@ -62,9 +90,9 @@
   name: redis-health
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   ping_readiness_local.sh: |-
     #!/bin/bash
@@ -72,7 +100,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -92,7 +120,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -113,7 +141,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +161,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +196,9 @@
   name: redis-scripts
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   start-master.sh: |
     #!/bin/bash
@@ -196,10 +224,9 @@
   name: redis-headless
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
-  annotations:
+    app.kubernetes.io/name: redis
 spec:
   type: ClusterIP
   clusterIP: None
@@ -208,8 +235,8 @@
       port: 6379
       targetPort: redis
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/service.yaml
 apiVersion: v1
@@ -218,9 +245,9 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   type: ClusterIP
@@ -232,8 +259,8 @@
       targetPort: redis
       nodePort: null
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 ---
 # Source: redis/templates/metrics-svc.yaml
@@ -243,9 +270,9 @@
   name: redis-metrics
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: metrics
 spec:
   type: ClusterIP
@@ -255,8 +282,8 @@
       protocol: TCP
       targetPort: metrics
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/application.yaml
 apiVersion: apps/v1
@@ -265,39 +292,42 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   replicas: 1
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: master
   serviceName: redis-headless
   updateStrategy:
-    rollingUpdate: {}
     type: RollingUpdate
   template:
     metadata:
       labels:
-        app.kubernetes.io/name: redis
         app.kubernetes.io/instance: redis
         app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: redis
         app.kubernetes.io/component: master
       annotations:
-        checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
-        checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
-        checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
-        checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+        checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+        checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+        checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+        checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
         prometheus.io/port: "9121"
         prometheus.io/scrape: "true"
     spec:
       securityContext:
         fsGroup: 1001
-      serviceAccountName: redis
+        fsGroupChangePolicy: Always
+        supplementalGroups: []
+        sysctls: []
+      serviceAccountName: redis-master
+      automountServiceAccountToken: false
       affinity:
         podAffinity:
         podAntiAffinity:
@@ -305,21 +335,30 @@
             - podAffinityTerm:
                 labelSelector:
                   matchLabels:
-                    app.kubernetes.io/name: redis
                     app.kubernetes.io/instance: redis
+                    app.kubernetes.io/name: redis
                     app.kubernetes.io/component: master
-                namespaces:
-                  - "default"
                 topologyKey: kubernetes.io/hostname
               weight: 1
         nodeAffinity:
+      enableServiceLinks: true
       terminationGracePeriodSeconds: 30
       containers:
         - name: redis
-          image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+          image: docker.io/bitnami/redis:7.2.4-debian-12-r11
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
           args:
@@ -368,8 +407,14 @@
                 - -c
                 - /health/ping_readiness_local.sh 1
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
             - name: start-scripts
               mountPath: /opt/bitnami/scripts/start-scripts
@@ -377,18 +422,29 @@
               mountPath: /health
             - name: redis-data
               mountPath: /data
-              subPath:
             - name: config
               mountPath: /opt/bitnami/redis/mounted-etc
-            - name: redis-tmp-conf
+            - name: empty-dir
               mountPath: /opt/bitnami/redis/etc/
-            - name: tmp
+              subPath: app-conf-dir
+            - name: empty-dir
               mountPath: /tmp
+              subPath: tmp-dir
         - name: metrics
-          image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+          image: docker.io/bitnami/redis-exporter:1.58.0-debian-12-r7
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
             - -c
@@ -400,6 +456,8 @@
           env:
             - name: REDIS_ALIAS
               value: redis
+            - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+              value: :9121
             - name: REDIS_USER
               value: default
             - name: REDIS_PASSWORD
@@ -410,10 +468,36 @@
           ports:
             - name: metrics
               containerPort: 9121
+          livenessProbe:
+            failureThreshold: 5
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+            tcpSocket:
+              port: metrics
+          readinessProbe:
+            failureThreshold: 3
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+            httpGet:
+              path: /
+              port: metrics
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: app-tmp-dir
       volumes:
         - name: start-scripts
           configMap:
@@ -426,9 +510,7 @@
         - name: config
           configMap:
             name: redis-configuration
-        - name: redis-tmp-conf
-          emptyDir: {}
-        - name: tmp
+        - name: empty-dir
           emptyDir: {}
         - name: redis-data
           persistentVolumeClaim:
@@ -441,18 +523,18 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 spec:
   endpoints:
     - port: http-metrics
       interval: 30s
   namespaceSelector:
     matchNames:
-      - default
+      - "default"
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: metrics

[github-actions]

Path: cluster/core/databases/redis/helm-release.yaml
Version: 17.3.5 -> 19.1.2

@@ -1,14 +1,42 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
 metadata:
   name: redis
   namespace: "default"
   labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: redis
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+  policyTypes:
+    - Ingress
+    - Egress
+  egress:
+    - {}
+  ingress:
+    # Allow inbound connections
+    - ports:
+        - port: 6379
+    # Allow prometheus scrapes for metrics
+    - ports:
+        - port: 9121
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/secret.yaml
 apiVersion: v1
@@ -17,9 +45,9 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 type: Opaque
 data:
   redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
@@ -31,9 +59,9 @@
   name: redis-configuration
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   redis.conf: |-
     # User-supplied common configuration:
@@ -62,9 +90,9 @@
   name: redis-health
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   ping_readiness_local.sh: |-
     #!/bin/bash
@@ -72,7 +100,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -92,7 +120,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -113,7 +141,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +161,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +196,9 @@
   name: redis-scripts
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   start-master.sh: |
     #!/bin/bash
@@ -196,10 +224,9 @@
   name: redis-headless
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
-  annotations:
+    app.kubernetes.io/name: redis
 spec:
   type: ClusterIP
   clusterIP: None
@@ -208,8 +235,8 @@
       port: 6379
       targetPort: redis
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/service.yaml
 apiVersion: v1
@@ -218,9 +245,9 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   type: ClusterIP
@@ -232,8 +259,8 @@
       targetPort: redis
       nodePort: null
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 ---
 # Source: redis/templates/metrics-svc.yaml
@@ -243,9 +270,9 @@
   name: redis-metrics
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: metrics
 spec:
   type: ClusterIP
@@ -255,8 +282,8 @@
       protocol: TCP
       targetPort: metrics
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/application.yaml
 apiVersion: apps/v1
@@ -265,39 +292,42 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   replicas: 1
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: master
   serviceName: redis-headless
   updateStrategy:
-    rollingUpdate: {}
     type: RollingUpdate
   template:
     metadata:
       labels:
-        app.kubernetes.io/name: redis
         app.kubernetes.io/instance: redis
         app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: redis
         app.kubernetes.io/component: master
       annotations:
-        checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
-        checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
-        checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
-        checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+        checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+        checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+        checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+        checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
         prometheus.io/port: "9121"
         prometheus.io/scrape: "true"
     spec:
       securityContext:
         fsGroup: 1001
-      serviceAccountName: redis
+        fsGroupChangePolicy: Always
+        supplementalGroups: []
+        sysctls: []
+      serviceAccountName: redis-master
+      automountServiceAccountToken: false
       affinity:
         podAffinity:
         podAntiAffinity:
@@ -305,21 +335,30 @@
             - podAffinityTerm:
                 labelSelector:
                   matchLabels:
-                    app.kubernetes.io/name: redis
                     app.kubernetes.io/instance: redis
+                    app.kubernetes.io/name: redis
                     app.kubernetes.io/component: master
-                namespaces:
-                  - "default"
                 topologyKey: kubernetes.io/hostname
               weight: 1
         nodeAffinity:
+      enableServiceLinks: true
       terminationGracePeriodSeconds: 30
       containers:
         - name: redis
-          image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+          image: docker.io/bitnami/redis:7.2.4-debian-12-r12
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
           args:
@@ -368,8 +407,14 @@
                 - -c
                 - /health/ping_readiness_local.sh 1
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
             - name: start-scripts
               mountPath: /opt/bitnami/scripts/start-scripts
@@ -377,18 +422,29 @@
               mountPath: /health
             - name: redis-data
               mountPath: /data
-              subPath:
             - name: config
               mountPath: /opt/bitnami/redis/mounted-etc
-            - name: redis-tmp-conf
+            - name: empty-dir
               mountPath: /opt/bitnami/redis/etc/
-            - name: tmp
+              subPath: app-conf-dir
+            - name: empty-dir
               mountPath: /tmp
+              subPath: tmp-dir
         - name: metrics
-          image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+          image: docker.io/bitnami/redis-exporter:1.58.0-debian-12-r7
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
             - -c
@@ -400,6 +456,8 @@
           env:
             - name: REDIS_ALIAS
               value: redis
+            - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+              value: :9121
             - name: REDIS_USER
               value: default
             - name: REDIS_PASSWORD
@@ -410,10 +468,36 @@
           ports:
             - name: metrics
               containerPort: 9121
+          livenessProbe:
+            failureThreshold: 5
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+            tcpSocket:
+              port: metrics
+          readinessProbe:
+            failureThreshold: 3
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+            httpGet:
+              path: /
+              port: metrics
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: app-tmp-dir
       volumes:
         - name: start-scripts
           configMap:
@@ -426,9 +510,7 @@
         - name: config
           configMap:
             name: redis-configuration
-        - name: redis-tmp-conf
-          emptyDir: {}
-        - name: tmp
+        - name: empty-dir
           emptyDir: {}
         - name: redis-data
           persistentVolumeClaim:
@@ -441,18 +523,18 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 spec:
   endpoints:
     - port: http-metrics
       interval: 30s
   namespaceSelector:
     matchNames:
-      - default
+      - "default"
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: metrics

[github-actions]

Path: cluster/core/databases/redis/helm-release.yaml
Version: 17.3.5 -> 19.1.3

@@ -1,14 +1,42 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
 metadata:
   name: redis
   namespace: "default"
   labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: redis
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+  policyTypes:
+    - Ingress
+    - Egress
+  egress:
+    - {}
+  ingress:
+    # Allow inbound connections
+    - ports:
+        - port: 6379
+    # Allow prometheus scrapes for metrics
+    - ports:
+        - port: 9121
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/secret.yaml
 apiVersion: v1
@@ -17,9 +45,9 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 type: Opaque
 data:
   redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
@@ -31,9 +59,9 @@
   name: redis-configuration
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   redis.conf: |-
     # User-supplied common configuration:
@@ -62,9 +90,9 @@
   name: redis-health
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   ping_readiness_local.sh: |-
     #!/bin/bash
@@ -72,7 +100,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -92,7 +120,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -113,7 +141,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +161,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +196,9 @@
   name: redis-scripts
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   start-master.sh: |
     #!/bin/bash
@@ -196,10 +224,9 @@
   name: redis-headless
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
-  annotations:
+    app.kubernetes.io/name: redis
 spec:
   type: ClusterIP
   clusterIP: None
@@ -208,8 +235,8 @@
       port: 6379
       targetPort: redis
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/service.yaml
 apiVersion: v1
@@ -218,9 +245,9 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   type: ClusterIP
@@ -232,8 +259,8 @@
       targetPort: redis
       nodePort: null
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 ---
 # Source: redis/templates/metrics-svc.yaml
@@ -243,9 +270,9 @@
   name: redis-metrics
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: metrics
 spec:
   type: ClusterIP
@@ -255,8 +282,8 @@
       protocol: TCP
       targetPort: metrics
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/application.yaml
 apiVersion: apps/v1
@@ -265,39 +292,42 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   replicas: 1
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: master
   serviceName: redis-headless
   updateStrategy:
-    rollingUpdate: {}
     type: RollingUpdate
   template:
     metadata:
       labels:
-        app.kubernetes.io/name: redis
         app.kubernetes.io/instance: redis
         app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: redis
         app.kubernetes.io/component: master
       annotations:
-        checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
-        checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
-        checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
-        checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+        checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+        checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+        checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+        checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
         prometheus.io/port: "9121"
         prometheus.io/scrape: "true"
     spec:
       securityContext:
         fsGroup: 1001
-      serviceAccountName: redis
+        fsGroupChangePolicy: Always
+        supplementalGroups: []
+        sysctls: []
+      serviceAccountName: redis-master
+      automountServiceAccountToken: false
       affinity:
         podAffinity:
         podAntiAffinity:
@@ -305,21 +335,30 @@
             - podAffinityTerm:
                 labelSelector:
                   matchLabels:
-                    app.kubernetes.io/name: redis
                     app.kubernetes.io/instance: redis
+                    app.kubernetes.io/name: redis
                     app.kubernetes.io/component: master
-                namespaces:
-                  - "default"
                 topologyKey: kubernetes.io/hostname
               weight: 1
         nodeAffinity:
+      enableServiceLinks: true
       terminationGracePeriodSeconds: 30
       containers:
         - name: redis
-          image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+          image: docker.io/bitnami/redis:7.2.4-debian-12-r12
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
           args:
@@ -368,8 +407,14 @@
                 - -c
                 - /health/ping_readiness_local.sh 1
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
             - name: start-scripts
               mountPath: /opt/bitnami/scripts/start-scripts
@@ -377,18 +422,29 @@
               mountPath: /health
             - name: redis-data
               mountPath: /data
-              subPath:
             - name: config
               mountPath: /opt/bitnami/redis/mounted-etc
-            - name: redis-tmp-conf
+            - name: empty-dir
               mountPath: /opt/bitnami/redis/etc/
-            - name: tmp
+              subPath: app-conf-dir
+            - name: empty-dir
               mountPath: /tmp
+              subPath: tmp-dir
         - name: metrics
-          image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+          image: docker.io/bitnami/redis-exporter:1.58.0-debian-12-r7
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
             - -c
@@ -400,6 +456,8 @@
           env:
             - name: REDIS_ALIAS
               value: redis
+            - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+              value: :9121
             - name: REDIS_USER
               value: default
             - name: REDIS_PASSWORD
@@ -410,10 +468,36 @@
           ports:
             - name: metrics
               containerPort: 9121
+          livenessProbe:
+            failureThreshold: 5
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+            tcpSocket:
+              port: metrics
+          readinessProbe:
+            failureThreshold: 3
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+            httpGet:
+              path: /
+              port: metrics
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: app-tmp-dir
       volumes:
         - name: start-scripts
           configMap:
@@ -426,9 +510,7 @@
         - name: config
           configMap:
             name: redis-configuration
-        - name: redis-tmp-conf
-          emptyDir: {}
-        - name: tmp
+        - name: empty-dir
           emptyDir: {}
         - name: redis-data
           persistentVolumeClaim:
@@ -441,18 +523,18 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 spec:
   endpoints:
     - port: http-metrics
       interval: 30s
   namespaceSelector:
     matchNames:
-      - default
+      - "default"
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: metrics

[github-actions]

Path: cluster/core/databases/redis/helm-release.yaml
Version: 17.3.5 -> 19.1.5

@@ -1,14 +1,42 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
 metadata:
   name: redis
   namespace: "default"
   labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: redis
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+  policyTypes:
+    - Ingress
+    - Egress
+  egress:
+    - {}
+  ingress:
+    # Allow inbound connections
+    - ports:
+        - port: 6379
+    # Allow prometheus scrapes for metrics
+    - ports:
+        - port: 9121
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/secret.yaml
 apiVersion: v1
@@ -17,9 +45,9 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 type: Opaque
 data:
   redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
@@ -31,9 +59,9 @@
   name: redis-configuration
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   redis.conf: |-
     # User-supplied common configuration:
@@ -62,9 +90,9 @@
   name: redis-health
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   ping_readiness_local.sh: |-
     #!/bin/bash
@@ -72,7 +100,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -92,7 +120,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -113,7 +141,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +161,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +196,9 @@
   name: redis-scripts
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   start-master.sh: |
     #!/bin/bash
@@ -196,10 +224,9 @@
   name: redis-headless
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
-  annotations:
+    app.kubernetes.io/name: redis
 spec:
   type: ClusterIP
   clusterIP: None
@@ -208,8 +235,8 @@
       port: 6379
       targetPort: redis
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/service.yaml
 apiVersion: v1
@@ -218,9 +245,9 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   type: ClusterIP
@@ -232,8 +259,8 @@
       targetPort: redis
       nodePort: null
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 ---
 # Source: redis/templates/metrics-svc.yaml
@@ -243,9 +270,9 @@
   name: redis-metrics
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: metrics
 spec:
   type: ClusterIP
@@ -255,8 +282,8 @@
       protocol: TCP
       targetPort: metrics
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/application.yaml
 apiVersion: apps/v1
@@ -265,39 +292,42 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   replicas: 1
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: master
   serviceName: redis-headless
   updateStrategy:
-    rollingUpdate: {}
     type: RollingUpdate
   template:
     metadata:
       labels:
-        app.kubernetes.io/name: redis
         app.kubernetes.io/instance: redis
         app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: redis
         app.kubernetes.io/component: master
       annotations:
-        checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
-        checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
-        checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
-        checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+        checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+        checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+        checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+        checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
         prometheus.io/port: "9121"
         prometheus.io/scrape: "true"
     spec:
       securityContext:
         fsGroup: 1001
-      serviceAccountName: redis
+        fsGroupChangePolicy: Always
+        supplementalGroups: []
+        sysctls: []
+      serviceAccountName: redis-master
+      automountServiceAccountToken: false
       affinity:
         podAffinity:
         podAntiAffinity:
@@ -305,21 +335,30 @@
             - podAffinityTerm:
                 labelSelector:
                   matchLabels:
-                    app.kubernetes.io/name: redis
                     app.kubernetes.io/instance: redis
+                    app.kubernetes.io/name: redis
                     app.kubernetes.io/component: master
-                namespaces:
-                  - "default"
                 topologyKey: kubernetes.io/hostname
               weight: 1
         nodeAffinity:
+      enableServiceLinks: true
       terminationGracePeriodSeconds: 30
       containers:
         - name: redis
-          image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+          image: docker.io/bitnami/redis:7.2.4-debian-12-r13
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
           args:
@@ -368,8 +407,14 @@
                 - -c
                 - /health/ping_readiness_local.sh 1
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
             - name: start-scripts
               mountPath: /opt/bitnami/scripts/start-scripts
@@ -377,18 +422,29 @@
               mountPath: /health
             - name: redis-data
               mountPath: /data
-              subPath:
             - name: config
               mountPath: /opt/bitnami/redis/mounted-etc
-            - name: redis-tmp-conf
+            - name: empty-dir
               mountPath: /opt/bitnami/redis/etc/
-            - name: tmp
+              subPath: app-conf-dir
+            - name: empty-dir
               mountPath: /tmp
+              subPath: tmp-dir
         - name: metrics
-          image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+          image: docker.io/bitnami/redis-exporter:1.59.0-debian-12-r1
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
             - -c
@@ -400,6 +456,8 @@
           env:
             - name: REDIS_ALIAS
               value: redis
+            - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+              value: :9121
             - name: REDIS_USER
               value: default
             - name: REDIS_PASSWORD
@@ -410,10 +468,36 @@
           ports:
             - name: metrics
               containerPort: 9121
+          livenessProbe:
+            failureThreshold: 5
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+            tcpSocket:
+              port: metrics
+          readinessProbe:
+            failureThreshold: 3
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+            httpGet:
+              path: /
+              port: metrics
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: app-tmp-dir
       volumes:
         - name: start-scripts
           configMap:
@@ -426,9 +510,7 @@
         - name: config
           configMap:
             name: redis-configuration
-        - name: redis-tmp-conf
-          emptyDir: {}
-        - name: tmp
+        - name: empty-dir
           emptyDir: {}
         - name: redis-data
           persistentVolumeClaim:
@@ -441,18 +523,18 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 spec:
   endpoints:
     - port: http-metrics
       interval: 30s
   namespaceSelector:
     matchNames:
-      - default
+      - "default"
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: metrics

[github-actions]

Path: cluster/core/databases/redis/helm-release.yaml
Version: 17.3.5 -> 19.2.0

@@ -1,14 +1,42 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
 metadata:
   name: redis
   namespace: "default"
   labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: redis
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+  policyTypes:
+    - Ingress
+    - Egress
+  egress:
+    - {}
+  ingress:
+    # Allow inbound connections
+    - ports:
+        - port: 6379
+    # Allow prometheus scrapes for metrics
+    - ports:
+        - port: 9121
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/secret.yaml
 apiVersion: v1
@@ -17,9 +45,9 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 type: Opaque
 data:
   redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
@@ -31,9 +59,9 @@
   name: redis-configuration
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   redis.conf: |-
     # User-supplied common configuration:
@@ -62,9 +90,9 @@
   name: redis-health
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   ping_readiness_local.sh: |-
     #!/bin/bash
@@ -72,7 +100,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -92,7 +120,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -113,7 +141,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +161,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +196,9 @@
   name: redis-scripts
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   start-master.sh: |
     #!/bin/bash
@@ -196,10 +224,9 @@
   name: redis-headless
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
-  annotations:
+    app.kubernetes.io/name: redis
 spec:
   type: ClusterIP
   clusterIP: None
@@ -208,8 +235,8 @@
       port: 6379
       targetPort: redis
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/service.yaml
 apiVersion: v1
@@ -218,9 +245,9 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   type: ClusterIP
@@ -232,8 +259,8 @@
       targetPort: redis
       nodePort: null
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 ---
 # Source: redis/templates/metrics-svc.yaml
@@ -243,9 +270,9 @@
   name: redis-metrics
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: metrics
 spec:
   type: ClusterIP
@@ -255,8 +282,8 @@
       protocol: TCP
       targetPort: metrics
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/application.yaml
 apiVersion: apps/v1
@@ -265,39 +292,42 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   replicas: 1
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: master
   serviceName: redis-headless
   updateStrategy:
-    rollingUpdate: {}
     type: RollingUpdate
   template:
     metadata:
       labels:
-        app.kubernetes.io/name: redis
         app.kubernetes.io/instance: redis
         app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: redis
         app.kubernetes.io/component: master
       annotations:
-        checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
-        checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
-        checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
-        checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+        checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+        checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+        checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+        checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
         prometheus.io/port: "9121"
         prometheus.io/scrape: "true"
     spec:
       securityContext:
         fsGroup: 1001
-      serviceAccountName: redis
+        fsGroupChangePolicy: Always
+        supplementalGroups: []
+        sysctls: []
+      serviceAccountName: redis-master
+      automountServiceAccountToken: false
       affinity:
         podAffinity:
         podAntiAffinity:
@@ -305,21 +335,30 @@
             - podAffinityTerm:
                 labelSelector:
                   matchLabels:
-                    app.kubernetes.io/name: redis
                     app.kubernetes.io/instance: redis
+                    app.kubernetes.io/name: redis
                     app.kubernetes.io/component: master
-                namespaces:
-                  - "default"
                 topologyKey: kubernetes.io/hostname
               weight: 1
         nodeAffinity:
+      enableServiceLinks: true
       terminationGracePeriodSeconds: 30
       containers:
         - name: redis
-          image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+          image: docker.io/bitnami/redis:7.2.4-debian-12-r13
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
           args:
@@ -368,8 +407,14 @@
                 - -c
                 - /health/ping_readiness_local.sh 1
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
             - name: start-scripts
               mountPath: /opt/bitnami/scripts/start-scripts
@@ -377,18 +422,29 @@
               mountPath: /health
             - name: redis-data
               mountPath: /data
-              subPath:
             - name: config
               mountPath: /opt/bitnami/redis/mounted-etc
-            - name: redis-tmp-conf
+            - name: empty-dir
               mountPath: /opt/bitnami/redis/etc/
-            - name: tmp
+              subPath: app-conf-dir
+            - name: empty-dir
               mountPath: /tmp
+              subPath: tmp-dir
         - name: metrics
-          image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+          image: docker.io/bitnami/redis-exporter:1.59.0-debian-12-r1
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
             - -c
@@ -400,6 +456,8 @@
           env:
             - name: REDIS_ALIAS
               value: redis
+            - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+              value: :9121
             - name: REDIS_USER
               value: default
             - name: REDIS_PASSWORD
@@ -410,10 +468,36 @@
           ports:
             - name: metrics
               containerPort: 9121
+          livenessProbe:
+            failureThreshold: 5
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+            tcpSocket:
+              port: metrics
+          readinessProbe:
+            failureThreshold: 3
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+            httpGet:
+              path: /
+              port: metrics
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: app-tmp-dir
       volumes:
         - name: start-scripts
           configMap:
@@ -426,9 +510,7 @@
         - name: config
           configMap:
             name: redis-configuration
-        - name: redis-tmp-conf
-          emptyDir: {}
-        - name: tmp
+        - name: empty-dir
           emptyDir: {}
         - name: redis-data
           persistentVolumeClaim:
@@ -441,18 +523,18 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 spec:
   endpoints:
     - port: http-metrics
       interval: 30s
   namespaceSelector:
     matchNames:
-      - default
+      - "default"
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: metrics

[github-actions]

Path: cluster/core/databases/redis/helm-release.yaml
Version: 17.3.5 -> 19.3.0

@@ -1,14 +1,42 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
 metadata:
   name: redis
   namespace: "default"
   labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: redis
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+  policyTypes:
+    - Ingress
+    - Egress
+  egress:
+    - {}
+  ingress:
+    # Allow inbound connections
+    - ports:
+        - port: 6379
+    # Allow prometheus scrapes for metrics
+    - ports:
+        - port: 9121
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/secret.yaml
 apiVersion: v1
@@ -17,9 +45,9 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 type: Opaque
 data:
   redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
@@ -31,9 +59,9 @@
   name: redis-configuration
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   redis.conf: |-
     # User-supplied common configuration:
@@ -62,9 +90,9 @@
   name: redis-health
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   ping_readiness_local.sh: |-
     #!/bin/bash
@@ -72,7 +100,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -92,7 +120,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -113,7 +141,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +161,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +196,9 @@
   name: redis-scripts
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   start-master.sh: |
     #!/bin/bash
@@ -196,10 +224,9 @@
   name: redis-headless
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
-  annotations:
+    app.kubernetes.io/name: redis
 spec:
   type: ClusterIP
   clusterIP: None
@@ -208,8 +235,8 @@
       port: 6379
       targetPort: redis
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/service.yaml
 apiVersion: v1
@@ -218,9 +245,9 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   type: ClusterIP
@@ -232,8 +259,8 @@
       targetPort: redis
       nodePort: null
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 ---
 # Source: redis/templates/metrics-svc.yaml
@@ -243,9 +270,9 @@
   name: redis-metrics
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: metrics
 spec:
   type: ClusterIP
@@ -255,8 +282,8 @@
       protocol: TCP
       targetPort: metrics
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/application.yaml
 apiVersion: apps/v1
@@ -265,39 +292,42 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   replicas: 1
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: master
   serviceName: redis-headless
   updateStrategy:
-    rollingUpdate: {}
     type: RollingUpdate
   template:
     metadata:
       labels:
-        app.kubernetes.io/name: redis
         app.kubernetes.io/instance: redis
         app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: redis
         app.kubernetes.io/component: master
       annotations:
-        checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
-        checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
-        checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
-        checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+        checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+        checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+        checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+        checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
         prometheus.io/port: "9121"
         prometheus.io/scrape: "true"
     spec:
       securityContext:
         fsGroup: 1001
-      serviceAccountName: redis
+        fsGroupChangePolicy: Always
+        supplementalGroups: []
+        sysctls: []
+      serviceAccountName: redis-master
+      automountServiceAccountToken: false
       affinity:
         podAffinity:
         podAntiAffinity:
@@ -305,21 +335,30 @@
             - podAffinityTerm:
                 labelSelector:
                   matchLabels:
-                    app.kubernetes.io/name: redis
                     app.kubernetes.io/instance: redis
+                    app.kubernetes.io/name: redis
                     app.kubernetes.io/component: master
-                namespaces:
-                  - "default"
                 topologyKey: kubernetes.io/hostname
               weight: 1
         nodeAffinity:
+      enableServiceLinks: true
       terminationGracePeriodSeconds: 30
       containers:
         - name: redis
-          image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+          image: docker.io/bitnami/redis:7.2.4-debian-12-r13
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
           args:
@@ -368,8 +407,14 @@
                 - -c
                 - /health/ping_readiness_local.sh 1
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
             - name: start-scripts
               mountPath: /opt/bitnami/scripts/start-scripts
@@ -377,18 +422,29 @@
               mountPath: /health
             - name: redis-data
               mountPath: /data
-              subPath:
             - name: config
               mountPath: /opt/bitnami/redis/mounted-etc
-            - name: redis-tmp-conf
+            - name: empty-dir
               mountPath: /opt/bitnami/redis/etc/
-            - name: tmp
+              subPath: app-conf-dir
+            - name: empty-dir
               mountPath: /tmp
+              subPath: tmp-dir
         - name: metrics
-          image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+          image: docker.io/bitnami/redis-exporter:1.59.0-debian-12-r1
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
             - -c
@@ -400,6 +456,8 @@
           env:
             - name: REDIS_ALIAS
               value: redis
+            - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+              value: :9121
             - name: REDIS_USER
               value: default
             - name: REDIS_PASSWORD
@@ -410,10 +468,36 @@
           ports:
             - name: metrics
               containerPort: 9121
+          livenessProbe:
+            failureThreshold: 5
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+            tcpSocket:
+              port: metrics
+          readinessProbe:
+            failureThreshold: 3
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+            httpGet:
+              path: /
+              port: metrics
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: app-tmp-dir
       volumes:
         - name: start-scripts
           configMap:
@@ -426,9 +510,7 @@
         - name: config
           configMap:
             name: redis-configuration
-        - name: redis-tmp-conf
-          emptyDir: {}
-        - name: tmp
+        - name: empty-dir
           emptyDir: {}
         - name: redis-data
           persistentVolumeClaim:
@@ -441,18 +523,18 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 spec:
   endpoints:
     - port: http-metrics
       interval: 30s
   namespaceSelector:
     matchNames:
-      - default
+      - "default"
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: metrics

[github-actions]

Path: cluster/core/databases/redis/helm-release.yaml
Version: 17.3.5 -> 19.3.1

@@ -1,14 +1,42 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
 metadata:
   name: redis
   namespace: "default"
   labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: redis
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+  policyTypes:
+    - Ingress
+    - Egress
+  egress:
+    - {}
+  ingress:
+    # Allow inbound connections
+    - ports:
+        - port: 6379
+    # Allow prometheus scrapes for metrics
+    - ports:
+        - port: 9121
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/secret.yaml
 apiVersion: v1
@@ -17,9 +45,9 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 type: Opaque
 data:
   redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
@@ -31,9 +59,9 @@
   name: redis-configuration
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   redis.conf: |-
     # User-supplied common configuration:
@@ -62,9 +90,9 @@
   name: redis-health
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   ping_readiness_local.sh: |-
     #!/bin/bash
@@ -72,7 +100,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -92,7 +120,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -113,7 +141,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +161,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +196,9 @@
   name: redis-scripts
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   start-master.sh: |
     #!/bin/bash
@@ -196,10 +224,9 @@
   name: redis-headless
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
-  annotations:
+    app.kubernetes.io/name: redis
 spec:
   type: ClusterIP
   clusterIP: None
@@ -208,8 +235,8 @@
       port: 6379
       targetPort: redis
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/service.yaml
 apiVersion: v1
@@ -218,9 +245,9 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   type: ClusterIP
@@ -232,8 +259,8 @@
       targetPort: redis
       nodePort: null
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 ---
 # Source: redis/templates/metrics-svc.yaml
@@ -243,9 +270,9 @@
   name: redis-metrics
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: metrics
 spec:
   type: ClusterIP
@@ -255,8 +282,8 @@
       protocol: TCP
       targetPort: metrics
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/application.yaml
 apiVersion: apps/v1
@@ -265,39 +292,42 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   replicas: 1
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: master
   serviceName: redis-headless
   updateStrategy:
-    rollingUpdate: {}
     type: RollingUpdate
   template:
     metadata:
       labels:
-        app.kubernetes.io/name: redis
         app.kubernetes.io/instance: redis
         app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: redis
         app.kubernetes.io/component: master
       annotations:
-        checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
-        checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
-        checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
-        checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+        checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+        checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+        checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+        checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
         prometheus.io/port: "9121"
         prometheus.io/scrape: "true"
     spec:
       securityContext:
         fsGroup: 1001
-      serviceAccountName: redis
+        fsGroupChangePolicy: Always
+        supplementalGroups: []
+        sysctls: []
+      serviceAccountName: redis-master
+      automountServiceAccountToken: false
       affinity:
         podAffinity:
         podAntiAffinity:
@@ -305,21 +335,30 @@
             - podAffinityTerm:
                 labelSelector:
                   matchLabels:
-                    app.kubernetes.io/name: redis
                     app.kubernetes.io/instance: redis
+                    app.kubernetes.io/name: redis
                     app.kubernetes.io/component: master
-                namespaces:
-                  - "default"
                 topologyKey: kubernetes.io/hostname
               weight: 1
         nodeAffinity:
+      enableServiceLinks: true
       terminationGracePeriodSeconds: 30
       containers:
         - name: redis
-          image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+          image: docker.io/bitnami/redis:7.2.4-debian-12-r15
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
           args:
@@ -368,8 +407,14 @@
                 - -c
                 - /health/ping_readiness_local.sh 1
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
             - name: start-scripts
               mountPath: /opt/bitnami/scripts/start-scripts
@@ -377,18 +422,29 @@
               mountPath: /health
             - name: redis-data
               mountPath: /data
-              subPath:
             - name: config
               mountPath: /opt/bitnami/redis/mounted-etc
-            - name: redis-tmp-conf
+            - name: empty-dir
               mountPath: /opt/bitnami/redis/etc/
-            - name: tmp
+              subPath: app-conf-dir
+            - name: empty-dir
               mountPath: /tmp
+              subPath: tmp-dir
         - name: metrics
-          image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+          image: docker.io/bitnami/redis-exporter:1.59.0-debian-12-r4
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
             - -c
@@ -400,6 +456,8 @@
           env:
             - name: REDIS_ALIAS
               value: redis
+            - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+              value: :9121
             - name: REDIS_USER
               value: default
             - name: REDIS_PASSWORD
@@ -410,10 +468,36 @@
           ports:
             - name: metrics
               containerPort: 9121
+          livenessProbe:
+            failureThreshold: 5
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+            tcpSocket:
+              port: metrics
+          readinessProbe:
+            failureThreshold: 3
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+            httpGet:
+              path: /
+              port: metrics
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: app-tmp-dir
       volumes:
         - name: start-scripts
           configMap:
@@ -426,9 +510,7 @@
         - name: config
           configMap:
             name: redis-configuration
-        - name: redis-tmp-conf
-          emptyDir: {}
-        - name: tmp
+        - name: empty-dir
           emptyDir: {}
         - name: redis-data
           persistentVolumeClaim:
@@ -441,18 +523,18 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 spec:
   endpoints:
     - port: http-metrics
       interval: 30s
   namespaceSelector:
     matchNames:
-      - default
+      - "default"
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: metrics

[github-actions]

Path: cluster/core/databases/redis/helm-release.yaml
Version: 17.3.5 -> 19.3.2

@@ -1,14 +1,42 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
 metadata:
   name: redis
   namespace: "default"
   labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: redis
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+  policyTypes:
+    - Ingress
+    - Egress
+  egress:
+    - {}
+  ingress:
+    # Allow inbound connections
+    - ports:
+        - port: 6379
+    # Allow prometheus scrapes for metrics
+    - ports:
+        - port: 9121
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/secret.yaml
 apiVersion: v1
@@ -17,9 +45,9 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 type: Opaque
 data:
   redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
@@ -31,9 +59,9 @@
   name: redis-configuration
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   redis.conf: |-
     # User-supplied common configuration:
@@ -62,9 +90,9 @@
   name: redis-health
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   ping_readiness_local.sh: |-
     #!/bin/bash
@@ -72,7 +100,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -92,7 +120,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -113,7 +141,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +161,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +196,9 @@
   name: redis-scripts
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   start-master.sh: |
     #!/bin/bash
@@ -196,10 +224,9 @@
   name: redis-headless
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
-  annotations:
+    app.kubernetes.io/name: redis
 spec:
   type: ClusterIP
   clusterIP: None
@@ -208,8 +235,8 @@
       port: 6379
       targetPort: redis
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/service.yaml
 apiVersion: v1
@@ -218,9 +245,9 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   type: ClusterIP
@@ -232,8 +259,8 @@
       targetPort: redis
       nodePort: null
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 ---
 # Source: redis/templates/metrics-svc.yaml
@@ -243,9 +270,9 @@
   name: redis-metrics
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: metrics
 spec:
   type: ClusterIP
@@ -255,8 +282,8 @@
       protocol: TCP
       targetPort: metrics
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/application.yaml
 apiVersion: apps/v1
@@ -265,39 +292,42 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   replicas: 1
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: master
   serviceName: redis-headless
   updateStrategy:
-    rollingUpdate: {}
     type: RollingUpdate
   template:
     metadata:
       labels:
-        app.kubernetes.io/name: redis
         app.kubernetes.io/instance: redis
         app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: redis
         app.kubernetes.io/component: master
       annotations:
-        checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
-        checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
-        checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
-        checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+        checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+        checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+        checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+        checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
         prometheus.io/port: "9121"
         prometheus.io/scrape: "true"
     spec:
       securityContext:
         fsGroup: 1001
-      serviceAccountName: redis
+        fsGroupChangePolicy: Always
+        supplementalGroups: []
+        sysctls: []
+      serviceAccountName: redis-master
+      automountServiceAccountToken: false
       affinity:
         podAffinity:
         podAntiAffinity:
@@ -305,21 +335,30 @@
             - podAffinityTerm:
                 labelSelector:
                   matchLabels:
-                    app.kubernetes.io/name: redis
                     app.kubernetes.io/instance: redis
+                    app.kubernetes.io/name: redis
                     app.kubernetes.io/component: master
-                namespaces:
-                  - "default"
                 topologyKey: kubernetes.io/hostname
               weight: 1
         nodeAffinity:
+      enableServiceLinks: true
       terminationGracePeriodSeconds: 30
       containers:
         - name: redis
-          image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+          image: docker.io/bitnami/redis:7.2.4-debian-12-r16
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
           args:
@@ -368,8 +407,14 @@
                 - -c
                 - /health/ping_readiness_local.sh 1
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
             - name: start-scripts
               mountPath: /opt/bitnami/scripts/start-scripts
@@ -377,18 +422,29 @@
               mountPath: /health
             - name: redis-data
               mountPath: /data
-              subPath:
             - name: config
               mountPath: /opt/bitnami/redis/mounted-etc
-            - name: redis-tmp-conf
+            - name: empty-dir
               mountPath: /opt/bitnami/redis/etc/
-            - name: tmp
+              subPath: app-conf-dir
+            - name: empty-dir
               mountPath: /tmp
+              subPath: tmp-dir
         - name: metrics
-          image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+          image: docker.io/bitnami/redis-exporter:1.59.0-debian-12-r6
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
             - -c
@@ -400,6 +456,8 @@
           env:
             - name: REDIS_ALIAS
               value: redis
+            - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+              value: :9121
             - name: REDIS_USER
               value: default
             - name: REDIS_PASSWORD
@@ -410,10 +468,36 @@
           ports:
             - name: metrics
               containerPort: 9121
+          livenessProbe:
+            failureThreshold: 5
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+            tcpSocket:
+              port: metrics
+          readinessProbe:
+            failureThreshold: 3
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+            httpGet:
+              path: /
+              port: metrics
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: app-tmp-dir
       volumes:
         - name: start-scripts
           configMap:
@@ -426,9 +510,7 @@
         - name: config
           configMap:
             name: redis-configuration
-        - name: redis-tmp-conf
-          emptyDir: {}
-        - name: tmp
+        - name: empty-dir
           emptyDir: {}
         - name: redis-data
           persistentVolumeClaim:
@@ -441,18 +523,18 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 spec:
   endpoints:
     - port: http-metrics
       interval: 30s
   namespaceSelector:
     matchNames:
-      - default
+      - "default"
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: metrics

[github-actions]

Path: cluster/core/databases/redis/helm-release.yaml
Version: 17.3.5 -> 19.3.3

@@ -1,14 +1,42 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
 metadata:
   name: redis
   namespace: "default"
   labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: redis
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+  policyTypes:
+    - Ingress
+    - Egress
+  egress:
+    - {}
+  ingress:
+    # Allow inbound connections
+    - ports:
+        - port: 6379
+    # Allow prometheus scrapes for metrics
+    - ports:
+        - port: 9121
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/secret.yaml
 apiVersion: v1
@@ -17,9 +45,9 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 type: Opaque
 data:
   redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
@@ -31,9 +59,9 @@
   name: redis-configuration
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   redis.conf: |-
     # User-supplied common configuration:
@@ -62,9 +90,9 @@
   name: redis-health
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   ping_readiness_local.sh: |-
     #!/bin/bash
@@ -72,7 +100,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -92,7 +120,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -113,7 +141,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +161,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +196,9 @@
   name: redis-scripts
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   start-master.sh: |
     #!/bin/bash
@@ -196,10 +224,9 @@
   name: redis-headless
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
-  annotations:
+    app.kubernetes.io/name: redis
 spec:
   type: ClusterIP
   clusterIP: None
@@ -208,8 +235,8 @@
       port: 6379
       targetPort: redis
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/service.yaml
 apiVersion: v1
@@ -218,9 +245,9 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   type: ClusterIP
@@ -232,8 +259,8 @@
       targetPort: redis
       nodePort: null
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 ---
 # Source: redis/templates/metrics-svc.yaml
@@ -243,9 +270,9 @@
   name: redis-metrics
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: metrics
 spec:
   type: ClusterIP
@@ -255,8 +282,8 @@
       protocol: TCP
       targetPort: metrics
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/application.yaml
 apiVersion: apps/v1
@@ -265,39 +292,42 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   replicas: 1
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: master
   serviceName: redis-headless
   updateStrategy:
-    rollingUpdate: {}
     type: RollingUpdate
   template:
     metadata:
       labels:
-        app.kubernetes.io/name: redis
         app.kubernetes.io/instance: redis
         app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: redis
         app.kubernetes.io/component: master
       annotations:
-        checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
-        checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
-        checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
-        checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+        checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+        checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+        checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+        checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
         prometheus.io/port: "9121"
         prometheus.io/scrape: "true"
     spec:
       securityContext:
         fsGroup: 1001
-      serviceAccountName: redis
+        fsGroupChangePolicy: Always
+        supplementalGroups: []
+        sysctls: []
+      serviceAccountName: redis-master
+      automountServiceAccountToken: false
       affinity:
         podAffinity:
         podAntiAffinity:
@@ -305,21 +335,30 @@
             - podAffinityTerm:
                 labelSelector:
                   matchLabels:
-                    app.kubernetes.io/name: redis
                     app.kubernetes.io/instance: redis
+                    app.kubernetes.io/name: redis
                     app.kubernetes.io/component: master
-                namespaces:
-                  - "default"
                 topologyKey: kubernetes.io/hostname
               weight: 1
         nodeAffinity:
+      enableServiceLinks: true
       terminationGracePeriodSeconds: 30
       containers:
         - name: redis
-          image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+          image: docker.io/bitnami/redis:7.2.4-debian-12-r16
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
           args:
@@ -368,8 +407,14 @@
                 - -c
                 - /health/ping_readiness_local.sh 1
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
             - name: start-scripts
               mountPath: /opt/bitnami/scripts/start-scripts
@@ -377,18 +422,29 @@
               mountPath: /health
             - name: redis-data
               mountPath: /data
-              subPath:
             - name: config
               mountPath: /opt/bitnami/redis/mounted-etc
-            - name: redis-tmp-conf
+            - name: empty-dir
               mountPath: /opt/bitnami/redis/etc/
-            - name: tmp
+              subPath: app-conf-dir
+            - name: empty-dir
               mountPath: /tmp
+              subPath: tmp-dir
         - name: metrics
-          image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+          image: docker.io/bitnami/redis-exporter:1.59.0-debian-12-r6
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
             - -c
@@ -400,6 +456,8 @@
           env:
             - name: REDIS_ALIAS
               value: redis
+            - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+              value: :9121
             - name: REDIS_USER
               value: default
             - name: REDIS_PASSWORD
@@ -410,10 +468,36 @@
           ports:
             - name: metrics
               containerPort: 9121
+          livenessProbe:
+            failureThreshold: 5
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+            tcpSocket:
+              port: metrics
+          readinessProbe:
+            failureThreshold: 3
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+            httpGet:
+              path: /
+              port: metrics
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: app-tmp-dir
       volumes:
         - name: start-scripts
           configMap:
@@ -426,9 +510,7 @@
         - name: config
           configMap:
             name: redis-configuration
-        - name: redis-tmp-conf
-          emptyDir: {}
-        - name: tmp
+        - name: empty-dir
           emptyDir: {}
         - name: redis-data
           persistentVolumeClaim:
@@ -441,18 +523,18 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 spec:
   endpoints:
     - port: http-metrics
       interval: 30s
   namespaceSelector:
     matchNames:
-      - default
+      - "default"
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: metrics

[github-actions]

Path: cluster/core/databases/redis/helm-release.yaml
Version: 17.3.5 -> 19.3.4

@@ -1,14 +1,42 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
 metadata:
   name: redis
   namespace: "default"
   labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: redis
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+  policyTypes:
+    - Ingress
+    - Egress
+  egress:
+    - {}
+  ingress:
+    # Allow inbound connections
+    - ports:
+        - port: 6379
+    # Allow prometheus scrapes for metrics
+    - ports:
+        - port: 9121
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/secret.yaml
 apiVersion: v1
@@ -17,9 +45,9 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 type: Opaque
 data:
   redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
@@ -31,9 +59,9 @@
   name: redis-configuration
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   redis.conf: |-
     # User-supplied common configuration:
@@ -62,9 +90,9 @@
   name: redis-health
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   ping_readiness_local.sh: |-
     #!/bin/bash
@@ -72,7 +100,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -92,7 +120,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -113,7 +141,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +161,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +196,9 @@
   name: redis-scripts
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   start-master.sh: |
     #!/bin/bash
@@ -196,10 +224,9 @@
   name: redis-headless
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
-  annotations:
+    app.kubernetes.io/name: redis
 spec:
   type: ClusterIP
   clusterIP: None
@@ -208,8 +235,8 @@
       port: 6379
       targetPort: redis
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/service.yaml
 apiVersion: v1
@@ -218,9 +245,9 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   type: ClusterIP
@@ -232,8 +259,8 @@
       targetPort: redis
       nodePort: null
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 ---
 # Source: redis/templates/metrics-svc.yaml
@@ -243,9 +270,9 @@
   name: redis-metrics
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: metrics
 spec:
   type: ClusterIP
@@ -255,8 +282,8 @@
       protocol: TCP
       targetPort: metrics
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/application.yaml
 apiVersion: apps/v1
@@ -265,39 +292,42 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   replicas: 1
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: master
   serviceName: redis-headless
   updateStrategy:
-    rollingUpdate: {}
     type: RollingUpdate
   template:
     metadata:
       labels:
-        app.kubernetes.io/name: redis
         app.kubernetes.io/instance: redis
         app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: redis
         app.kubernetes.io/component: master
       annotations:
-        checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
-        checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
-        checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
-        checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+        checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+        checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+        checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+        checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
         prometheus.io/port: "9121"
         prometheus.io/scrape: "true"
     spec:
       securityContext:
         fsGroup: 1001
-      serviceAccountName: redis
+        fsGroupChangePolicy: Always
+        supplementalGroups: []
+        sysctls: []
+      serviceAccountName: redis-master
+      automountServiceAccountToken: false
       affinity:
         podAffinity:
         podAntiAffinity:
@@ -305,21 +335,30 @@
             - podAffinityTerm:
                 labelSelector:
                   matchLabels:
-                    app.kubernetes.io/name: redis
                     app.kubernetes.io/instance: redis
+                    app.kubernetes.io/name: redis
                     app.kubernetes.io/component: master
-                namespaces:
-                  - "default"
                 topologyKey: kubernetes.io/hostname
               weight: 1
         nodeAffinity:
+      enableServiceLinks: true
       terminationGracePeriodSeconds: 30
       containers:
         - name: redis
-          image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+          image: docker.io/bitnami/redis:7.2.5-debian-12-r0
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
           args:
@@ -368,8 +407,14 @@
                 - -c
                 - /health/ping_readiness_local.sh 1
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
             - name: start-scripts
               mountPath: /opt/bitnami/scripts/start-scripts
@@ -377,18 +422,29 @@
               mountPath: /health
             - name: redis-data
               mountPath: /data
-              subPath:
             - name: config
               mountPath: /opt/bitnami/redis/mounted-etc
-            - name: redis-tmp-conf
+            - name: empty-dir
               mountPath: /opt/bitnami/redis/etc/
-            - name: tmp
+              subPath: app-conf-dir
+            - name: empty-dir
               mountPath: /tmp
+              subPath: tmp-dir
         - name: metrics
-          image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+          image: docker.io/bitnami/redis-exporter:1.59.0-debian-12-r6
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
             - -c
@@ -400,6 +456,8 @@
           env:
             - name: REDIS_ALIAS
               value: redis
+            - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+              value: :9121
             - name: REDIS_USER
               value: default
             - name: REDIS_PASSWORD
@@ -410,10 +468,36 @@
           ports:
             - name: metrics
               containerPort: 9121
+          livenessProbe:
+            failureThreshold: 5
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+            tcpSocket:
+              port: metrics
+          readinessProbe:
+            failureThreshold: 3
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+            httpGet:
+              path: /
+              port: metrics
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: app-tmp-dir
       volumes:
         - name: start-scripts
           configMap:
@@ -426,9 +510,7 @@
         - name: config
           configMap:
             name: redis-configuration
-        - name: redis-tmp-conf
-          emptyDir: {}
-        - name: tmp
+        - name: empty-dir
           emptyDir: {}
         - name: redis-data
           persistentVolumeClaim:
@@ -441,18 +523,18 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 spec:
   endpoints:
     - port: http-metrics
       interval: 30s
   namespaceSelector:
     matchNames:
-      - default
+      - "default"
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: metrics

[github-actions]

Path: cluster/core/databases/redis/helm-release.yaml
Version: 17.3.5 -> 19.4.0

@@ -1,14 +1,42 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
 metadata:
   name: redis
   namespace: "default"
   labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: redis
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+  policyTypes:
+    - Ingress
+    - Egress
+  egress:
+    - {}
+  ingress:
+    # Allow inbound connections
+    - ports:
+        - port: 6379
+    # Allow prometheus scrapes for metrics
+    - ports:
+        - port: 9121
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/secret.yaml
 apiVersion: v1
@@ -17,9 +45,9 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 type: Opaque
 data:
   redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
@@ -31,9 +59,9 @@
   name: redis-configuration
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   redis.conf: |-
     # User-supplied common configuration:
@@ -62,9 +90,9 @@
   name: redis-health
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   ping_readiness_local.sh: |-
     #!/bin/bash
@@ -72,7 +100,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -92,7 +120,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -113,7 +141,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +161,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +196,9 @@
   name: redis-scripts
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   start-master.sh: |
     #!/bin/bash
@@ -196,10 +224,9 @@
   name: redis-headless
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
-  annotations:
+    app.kubernetes.io/name: redis
 spec:
   type: ClusterIP
   clusterIP: None
@@ -208,8 +235,8 @@
       port: 6379
       targetPort: redis
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/service.yaml
 apiVersion: v1
@@ -218,9 +245,9 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   type: ClusterIP
@@ -232,8 +259,8 @@
       targetPort: redis
       nodePort: null
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 ---
 # Source: redis/templates/metrics-svc.yaml
@@ -243,9 +270,9 @@
   name: redis-metrics
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: metrics
 spec:
   type: ClusterIP
@@ -255,8 +282,8 @@
       protocol: TCP
       targetPort: metrics
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/application.yaml
 apiVersion: apps/v1
@@ -265,39 +292,42 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   replicas: 1
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: master
   serviceName: redis-headless
   updateStrategy:
-    rollingUpdate: {}
     type: RollingUpdate
   template:
     metadata:
       labels:
-        app.kubernetes.io/name: redis
         app.kubernetes.io/instance: redis
         app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: redis
         app.kubernetes.io/component: master
       annotations:
-        checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
-        checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
-        checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
-        checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+        checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+        checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+        checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+        checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
         prometheus.io/port: "9121"
         prometheus.io/scrape: "true"
     spec:
       securityContext:
         fsGroup: 1001
-      serviceAccountName: redis
+        fsGroupChangePolicy: Always
+        supplementalGroups: []
+        sysctls: []
+      serviceAccountName: redis-master
+      automountServiceAccountToken: false
       affinity:
         podAffinity:
         podAntiAffinity:
@@ -305,21 +335,30 @@
             - podAffinityTerm:
                 labelSelector:
                   matchLabels:
-                    app.kubernetes.io/name: redis
                     app.kubernetes.io/instance: redis
+                    app.kubernetes.io/name: redis
                     app.kubernetes.io/component: master
-                namespaces:
-                  - "default"
                 topologyKey: kubernetes.io/hostname
               weight: 1
         nodeAffinity:
+      enableServiceLinks: true
       terminationGracePeriodSeconds: 30
       containers:
         - name: redis
-          image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+          image: docker.io/bitnami/redis:7.2.5-debian-12-r0
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
           args:
@@ -368,8 +407,14 @@
                 - -c
                 - /health/ping_readiness_local.sh 1
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
             - name: start-scripts
               mountPath: /opt/bitnami/scripts/start-scripts
@@ -377,18 +422,29 @@
               mountPath: /health
             - name: redis-data
               mountPath: /data
-              subPath:
             - name: config
               mountPath: /opt/bitnami/redis/mounted-etc
-            - name: redis-tmp-conf
+            - name: empty-dir
               mountPath: /opt/bitnami/redis/etc/
-            - name: tmp
+              subPath: app-conf-dir
+            - name: empty-dir
               mountPath: /tmp
+              subPath: tmp-dir
         - name: metrics
-          image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+          image: docker.io/bitnami/redis-exporter:1.59.0-debian-12-r6
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
             - -c
@@ -400,6 +456,8 @@
           env:
             - name: REDIS_ALIAS
               value: redis
+            - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+              value: :9121
             - name: REDIS_USER
               value: default
             - name: REDIS_PASSWORD
@@ -410,10 +468,36 @@
           ports:
             - name: metrics
               containerPort: 9121
+          livenessProbe:
+            failureThreshold: 5
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+            tcpSocket:
+              port: metrics
+          readinessProbe:
+            failureThreshold: 3
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+            httpGet:
+              path: /
+              port: metrics
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: app-tmp-dir
       volumes:
         - name: start-scripts
           configMap:
@@ -426,9 +510,7 @@
         - name: config
           configMap:
             name: redis-configuration
-        - name: redis-tmp-conf
-          emptyDir: {}
-        - name: tmp
+        - name: empty-dir
           emptyDir: {}
         - name: redis-data
           persistentVolumeClaim:
@@ -441,18 +523,18 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 spec:
   endpoints:
     - port: http-metrics
       interval: 30s
   namespaceSelector:
     matchNames:
-      - default
+      - "default"
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: metrics

[github-actions]

Path: cluster/core/databases/redis/helm-release.yaml
Version: 17.3.5 -> 19.5.0

@@ -1,14 +1,61 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
 metadata:
   name: redis
   namespace: "default"
   labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: redis
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+  policyTypes:
+    - Ingress
+    - Egress
+  egress:
+    - {}
+  ingress:
+    # Allow inbound connections
+    - ports:
+        - port: 6379
+    # Allow prometheus scrapes for metrics
+    - ports:
+        - port: 9121
+---
+# Source: redis/templates/master/pdb.yaml
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
+    app.kubernetes.io/component: master
+spec:
+  maxUnavailable: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+      app.kubernetes.io/component: master
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/secret.yaml
 apiVersion: v1
@@ -17,9 +64,9 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 type: Opaque
 data:
   redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
@@ -31,9 +78,9 @@
   name: redis-configuration
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   redis.conf: |-
     # User-supplied common configuration:
@@ -62,9 +109,9 @@
   name: redis-health
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   ping_readiness_local.sh: |-
     #!/bin/bash
@@ -72,7 +119,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -92,7 +139,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -113,7 +160,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +180,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +215,9 @@
   name: redis-scripts
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   start-master.sh: |
     #!/bin/bash
@@ -196,10 +243,9 @@
   name: redis-headless
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
-  annotations:
+    app.kubernetes.io/name: redis
 spec:
   type: ClusterIP
   clusterIP: None
@@ -208,8 +254,8 @@
       port: 6379
       targetPort: redis
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/service.yaml
 apiVersion: v1
@@ -218,9 +264,9 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   type: ClusterIP
@@ -232,8 +278,8 @@
       targetPort: redis
       nodePort: null
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 ---
 # Source: redis/templates/metrics-svc.yaml
@@ -243,9 +289,9 @@
   name: redis-metrics
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: metrics
 spec:
   type: ClusterIP
@@ -255,8 +301,8 @@
       protocol: TCP
       targetPort: metrics
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/application.yaml
 apiVersion: apps/v1
@@ -265,39 +311,42 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   replicas: 1
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: master
   serviceName: redis-headless
   updateStrategy:
-    rollingUpdate: {}
     type: RollingUpdate
   template:
     metadata:
       labels:
-        app.kubernetes.io/name: redis
         app.kubernetes.io/instance: redis
         app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: redis
         app.kubernetes.io/component: master
       annotations:
-        checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
-        checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
-        checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
-        checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+        checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+        checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+        checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+        checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
         prometheus.io/port: "9121"
         prometheus.io/scrape: "true"
     spec:
       securityContext:
         fsGroup: 1001
-      serviceAccountName: redis
+        fsGroupChangePolicy: Always
+        supplementalGroups: []
+        sysctls: []
+      serviceAccountName: redis-master
+      automountServiceAccountToken: false
       affinity:
         podAffinity:
         podAntiAffinity:
@@ -305,21 +354,30 @@
             - podAffinityTerm:
                 labelSelector:
                   matchLabels:
-                    app.kubernetes.io/name: redis
                     app.kubernetes.io/instance: redis
+                    app.kubernetes.io/name: redis
                     app.kubernetes.io/component: master
-                namespaces:
-                  - "default"
                 topologyKey: kubernetes.io/hostname
               weight: 1
         nodeAffinity:
+      enableServiceLinks: true
       terminationGracePeriodSeconds: 30
       containers:
         - name: redis
-          image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+          image: docker.io/bitnami/redis:7.2.5-debian-12-r0
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
           args:
@@ -368,8 +426,14 @@
                 - -c
                 - /health/ping_readiness_local.sh 1
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
             - name: start-scripts
               mountPath: /opt/bitnami/scripts/start-scripts
@@ -377,18 +441,29 @@
               mountPath: /health
             - name: redis-data
               mountPath: /data
-              subPath:
             - name: config
               mountPath: /opt/bitnami/redis/mounted-etc
-            - name: redis-tmp-conf
+            - name: empty-dir
               mountPath: /opt/bitnami/redis/etc/
-            - name: tmp
+              subPath: app-conf-dir
+            - name: empty-dir
               mountPath: /tmp
+              subPath: tmp-dir
         - name: metrics
-          image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+          image: docker.io/bitnami/redis-exporter:1.59.0-debian-12-r6
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
             - -c
@@ -400,6 +475,8 @@
           env:
             - name: REDIS_ALIAS
               value: redis
+            - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+              value: :9121
             - name: REDIS_USER
               value: default
             - name: REDIS_PASSWORD
@@ -410,10 +487,36 @@
           ports:
             - name: metrics
               containerPort: 9121
+          livenessProbe:
+            failureThreshold: 5
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+            tcpSocket:
+              port: metrics
+          readinessProbe:
+            failureThreshold: 3
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+            httpGet:
+              path: /
+              port: metrics
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: app-tmp-dir
       volumes:
         - name: start-scripts
           configMap:
@@ -426,9 +529,7 @@
         - name: config
           configMap:
             name: redis-configuration
-        - name: redis-tmp-conf
-          emptyDir: {}
-        - name: tmp
+        - name: empty-dir
           emptyDir: {}
         - name: redis-data
           persistentVolumeClaim:
@@ -441,18 +542,18 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 spec:
   endpoints:
     - port: http-metrics
       interval: 30s
   namespaceSelector:
     matchNames:
-      - default
+      - "default"
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: metrics

[github-actions]

Path: cluster/core/databases/redis/helm-release.yaml
Version: 17.3.5 -> 19.5.2

@@ -1,14 +1,61 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
 metadata:
   name: redis
   namespace: "default"
   labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: redis
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+  policyTypes:
+    - Ingress
+    - Egress
+  egress:
+    - {}
+  ingress:
+    # Allow inbound connections
+    - ports:
+        - port: 6379
+    # Allow prometheus scrapes for metrics
+    - ports:
+        - port: 9121
+---
+# Source: redis/templates/master/pdb.yaml
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
+    app.kubernetes.io/component: master
+spec:
+  maxUnavailable: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+      app.kubernetes.io/component: master
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/secret.yaml
 apiVersion: v1
@@ -17,9 +64,9 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 type: Opaque
 data:
   redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
@@ -31,9 +78,9 @@
   name: redis-configuration
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   redis.conf: |-
     # User-supplied common configuration:
@@ -62,9 +109,9 @@
   name: redis-health
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   ping_readiness_local.sh: |-
     #!/bin/bash
@@ -72,7 +119,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -92,7 +139,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -113,7 +160,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +180,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +215,9 @@
   name: redis-scripts
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   start-master.sh: |
     #!/bin/bash
@@ -196,10 +243,9 @@
   name: redis-headless
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
-  annotations:
+    app.kubernetes.io/name: redis
 spec:
   type: ClusterIP
   clusterIP: None
@@ -208,8 +254,8 @@
       port: 6379
       targetPort: redis
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/service.yaml
 apiVersion: v1
@@ -218,9 +264,9 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   type: ClusterIP
@@ -232,8 +278,8 @@
       targetPort: redis
       nodePort: null
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 ---
 # Source: redis/templates/metrics-svc.yaml
@@ -243,9 +289,9 @@
   name: redis-metrics
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: metrics
 spec:
   type: ClusterIP
@@ -255,8 +301,8 @@
       protocol: TCP
       targetPort: metrics
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/application.yaml
 apiVersion: apps/v1
@@ -265,39 +311,42 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   replicas: 1
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: master
   serviceName: redis-headless
   updateStrategy:
-    rollingUpdate: {}
     type: RollingUpdate
   template:
     metadata:
       labels:
-        app.kubernetes.io/name: redis
         app.kubernetes.io/instance: redis
         app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: redis
         app.kubernetes.io/component: master
       annotations:
-        checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
-        checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
-        checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
-        checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+        checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+        checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+        checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+        checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
         prometheus.io/port: "9121"
         prometheus.io/scrape: "true"
     spec:
       securityContext:
         fsGroup: 1001
-      serviceAccountName: redis
+        fsGroupChangePolicy: Always
+        supplementalGroups: []
+        sysctls: []
+      serviceAccountName: redis-master
+      automountServiceAccountToken: false
       affinity:
         podAffinity:
         podAntiAffinity:
@@ -305,21 +354,30 @@
             - podAffinityTerm:
                 labelSelector:
                   matchLabels:
-                    app.kubernetes.io/name: redis
                     app.kubernetes.io/instance: redis
+                    app.kubernetes.io/name: redis
                     app.kubernetes.io/component: master
-                namespaces:
-                  - "default"
                 topologyKey: kubernetes.io/hostname
               weight: 1
         nodeAffinity:
+      enableServiceLinks: true
       terminationGracePeriodSeconds: 30
       containers:
         - name: redis
-          image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+          image: docker.io/bitnami/redis:7.2.5-debian-12-r0
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
           args:
@@ -368,8 +426,14 @@
                 - -c
                 - /health/ping_readiness_local.sh 1
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
             - name: start-scripts
               mountPath: /opt/bitnami/scripts/start-scripts
@@ -377,18 +441,29 @@
               mountPath: /health
             - name: redis-data
               mountPath: /data
-              subPath:
             - name: config
               mountPath: /opt/bitnami/redis/mounted-etc
-            - name: redis-tmp-conf
+            - name: empty-dir
               mountPath: /opt/bitnami/redis/etc/
-            - name: tmp
+              subPath: app-conf-dir
+            - name: empty-dir
               mountPath: /tmp
+              subPath: tmp-dir
         - name: metrics
-          image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+          image: docker.io/bitnami/redis-exporter:1.60.0-debian-12-r1
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
             - -c
@@ -400,6 +475,8 @@
           env:
             - name: REDIS_ALIAS
               value: redis
+            - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+              value: :9121
             - name: REDIS_USER
               value: default
             - name: REDIS_PASSWORD
@@ -410,10 +487,36 @@
           ports:
             - name: metrics
               containerPort: 9121
+          livenessProbe:
+            failureThreshold: 5
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+            tcpSocket:
+              port: metrics
+          readinessProbe:
+            failureThreshold: 3
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+            httpGet:
+              path: /
+              port: metrics
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: app-tmp-dir
       volumes:
         - name: start-scripts
           configMap:
@@ -426,9 +529,7 @@
         - name: config
           configMap:
             name: redis-configuration
-        - name: redis-tmp-conf
-          emptyDir: {}
-        - name: tmp
+        - name: empty-dir
           emptyDir: {}
         - name: redis-data
           persistentVolumeClaim:
@@ -441,18 +542,18 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 spec:
   endpoints:
     - port: http-metrics
       interval: 30s
   namespaceSelector:
     matchNames:
-      - default
+      - "default"
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: metrics

[github-actions]

Path: cluster/core/databases/redis/helm-release.yaml
Version: 17.3.5 -> 19.5.0

@@ -1,14 +1,61 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
 metadata:
   name: redis
   namespace: "default"
   labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: redis
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+  policyTypes:
+    - Ingress
+    - Egress
+  egress:
+    - {}
+  ingress:
+    # Allow inbound connections
+    - ports:
+        - port: 6379
+    # Allow prometheus scrapes for metrics
+    - ports:
+        - port: 9121
+---
+# Source: redis/templates/master/pdb.yaml
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
+    app.kubernetes.io/component: master
+spec:
+  maxUnavailable: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+      app.kubernetes.io/component: master
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/secret.yaml
 apiVersion: v1
@@ -17,9 +64,9 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 type: Opaque
 data:
   redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
@@ -31,9 +78,9 @@
   name: redis-configuration
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   redis.conf: |-
     # User-supplied common configuration:
@@ -62,9 +109,9 @@
   name: redis-health
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   ping_readiness_local.sh: |-
     #!/bin/bash
@@ -72,7 +119,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -92,7 +139,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -113,7 +160,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +180,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +215,9 @@
   name: redis-scripts
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   start-master.sh: |
     #!/bin/bash
@@ -196,10 +243,9 @@
   name: redis-headless
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
-  annotations:
+    app.kubernetes.io/name: redis
 spec:
   type: ClusterIP
   clusterIP: None
@@ -208,8 +254,8 @@
       port: 6379
       targetPort: redis
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/service.yaml
 apiVersion: v1
@@ -218,9 +264,9 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   type: ClusterIP
@@ -232,8 +278,8 @@
       targetPort: redis
       nodePort: null
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 ---
 # Source: redis/templates/metrics-svc.yaml
@@ -243,9 +289,9 @@
   name: redis-metrics
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: metrics
 spec:
   type: ClusterIP
@@ -255,8 +301,8 @@
       protocol: TCP
       targetPort: metrics
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/application.yaml
 apiVersion: apps/v1
@@ -265,39 +311,42 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   replicas: 1
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: master
   serviceName: redis-headless
   updateStrategy:
-    rollingUpdate: {}
     type: RollingUpdate
   template:
     metadata:
       labels:
-        app.kubernetes.io/name: redis
         app.kubernetes.io/instance: redis
         app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: redis
         app.kubernetes.io/component: master
       annotations:
-        checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
-        checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
-        checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
-        checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+        checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+        checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+        checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+        checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
         prometheus.io/port: "9121"
         prometheus.io/scrape: "true"
     spec:
       securityContext:
         fsGroup: 1001
-      serviceAccountName: redis
+        fsGroupChangePolicy: Always
+        supplementalGroups: []
+        sysctls: []
+      serviceAccountName: redis-master
+      automountServiceAccountToken: false
       affinity:
         podAffinity:
         podAntiAffinity:
@@ -305,21 +354,30 @@
             - podAffinityTerm:
                 labelSelector:
                   matchLabels:
-                    app.kubernetes.io/name: redis
                     app.kubernetes.io/instance: redis
+                    app.kubernetes.io/name: redis
                     app.kubernetes.io/component: master
-                namespaces:
-                  - "default"
                 topologyKey: kubernetes.io/hostname
               weight: 1
         nodeAffinity:
+      enableServiceLinks: true
       terminationGracePeriodSeconds: 30
       containers:
         - name: redis
-          image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+          image: docker.io/bitnami/redis:7.2.5-debian-12-r0
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
           args:
@@ -368,8 +426,14 @@
                 - -c
                 - /health/ping_readiness_local.sh 1
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
             - name: start-scripts
               mountPath: /opt/bitnami/scripts/start-scripts
@@ -377,18 +441,29 @@
               mountPath: /health
             - name: redis-data
               mountPath: /data
-              subPath:
             - name: config
               mountPath: /opt/bitnami/redis/mounted-etc
-            - name: redis-tmp-conf
+            - name: empty-dir
               mountPath: /opt/bitnami/redis/etc/
-            - name: tmp
+              subPath: app-conf-dir
+            - name: empty-dir
               mountPath: /tmp
+              subPath: tmp-dir
         - name: metrics
-          image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+          image: docker.io/bitnami/redis-exporter:1.59.0-debian-12-r6
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
             - -c
@@ -400,6 +475,8 @@
           env:
             - name: REDIS_ALIAS
               value: redis
+            - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+              value: :9121
             - name: REDIS_USER
               value: default
             - name: REDIS_PASSWORD
@@ -410,10 +487,36 @@
           ports:
             - name: metrics
               containerPort: 9121
+          livenessProbe:
+            failureThreshold: 5
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+            tcpSocket:
+              port: metrics
+          readinessProbe:
+            failureThreshold: 3
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+            httpGet:
+              path: /
+              port: metrics
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: app-tmp-dir
       volumes:
         - name: start-scripts
           configMap:
@@ -426,9 +529,7 @@
         - name: config
           configMap:
             name: redis-configuration
-        - name: redis-tmp-conf
-          emptyDir: {}
-        - name: tmp
+        - name: empty-dir
           emptyDir: {}
         - name: redis-data
           persistentVolumeClaim:
@@ -441,18 +542,18 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 spec:
   endpoints:
     - port: http-metrics
       interval: 30s
   namespaceSelector:
     matchNames:
-      - default
+      - "default"
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: metrics

[github-actions]

Path: cluster/core/databases/redis/helm-release.yaml
Version: 17.3.5 -> 19.5.2

@@ -1,14 +1,61 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
 metadata:
   name: redis
   namespace: "default"
   labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: redis
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+  policyTypes:
+    - Ingress
+    - Egress
+  egress:
+    - {}
+  ingress:
+    # Allow inbound connections
+    - ports:
+        - port: 6379
+    # Allow prometheus scrapes for metrics
+    - ports:
+        - port: 9121
+---
+# Source: redis/templates/master/pdb.yaml
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
+    app.kubernetes.io/component: master
+spec:
+  maxUnavailable: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+      app.kubernetes.io/component: master
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/secret.yaml
 apiVersion: v1
@@ -17,9 +64,9 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 type: Opaque
 data:
   redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
@@ -31,9 +78,9 @@
   name: redis-configuration
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   redis.conf: |-
     # User-supplied common configuration:
@@ -62,9 +109,9 @@
   name: redis-health
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   ping_readiness_local.sh: |-
     #!/bin/bash
@@ -72,7 +119,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -92,7 +139,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -113,7 +160,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +180,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +215,9 @@
   name: redis-scripts
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   start-master.sh: |
     #!/bin/bash
@@ -196,10 +243,9 @@
   name: redis-headless
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
-  annotations:
+    app.kubernetes.io/name: redis
 spec:
   type: ClusterIP
   clusterIP: None
@@ -208,8 +254,8 @@
       port: 6379
       targetPort: redis
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/service.yaml
 apiVersion: v1
@@ -218,9 +264,9 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   type: ClusterIP
@@ -232,8 +278,8 @@
       targetPort: redis
       nodePort: null
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 ---
 # Source: redis/templates/metrics-svc.yaml
@@ -243,9 +289,9 @@
   name: redis-metrics
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: metrics
 spec:
   type: ClusterIP
@@ -255,8 +301,8 @@
       protocol: TCP
       targetPort: metrics
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/application.yaml
 apiVersion: apps/v1
@@ -265,39 +311,42 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   replicas: 1
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: master
   serviceName: redis-headless
   updateStrategy:
-    rollingUpdate: {}
     type: RollingUpdate
   template:
     metadata:
       labels:
-        app.kubernetes.io/name: redis
         app.kubernetes.io/instance: redis
         app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: redis
         app.kubernetes.io/component: master
       annotations:
-        checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
-        checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
-        checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
-        checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+        checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+        checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+        checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+        checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
         prometheus.io/port: "9121"
         prometheus.io/scrape: "true"
     spec:
       securityContext:
         fsGroup: 1001
-      serviceAccountName: redis
+        fsGroupChangePolicy: Always
+        supplementalGroups: []
+        sysctls: []
+      serviceAccountName: redis-master
+      automountServiceAccountToken: false
       affinity:
         podAffinity:
         podAntiAffinity:
@@ -305,21 +354,30 @@
             - podAffinityTerm:
                 labelSelector:
                   matchLabels:
-                    app.kubernetes.io/name: redis
                     app.kubernetes.io/instance: redis
+                    app.kubernetes.io/name: redis
                     app.kubernetes.io/component: master
-                namespaces:
-                  - "default"
                 topologyKey: kubernetes.io/hostname
               weight: 1
         nodeAffinity:
+      enableServiceLinks: true
       terminationGracePeriodSeconds: 30
       containers:
         - name: redis
-          image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+          image: docker.io/bitnami/redis:7.2.5-debian-12-r0
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
           args:
@@ -368,8 +426,14 @@
                 - -c
                 - /health/ping_readiness_local.sh 1
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
             - name: start-scripts
               mountPath: /opt/bitnami/scripts/start-scripts
@@ -377,18 +441,29 @@
               mountPath: /health
             - name: redis-data
               mountPath: /data
-              subPath:
             - name: config
               mountPath: /opt/bitnami/redis/mounted-etc
-            - name: redis-tmp-conf
+            - name: empty-dir
               mountPath: /opt/bitnami/redis/etc/
-            - name: tmp
+              subPath: app-conf-dir
+            - name: empty-dir
               mountPath: /tmp
+              subPath: tmp-dir
         - name: metrics
-          image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+          image: docker.io/bitnami/redis-exporter:1.60.0-debian-12-r1
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
             - -c
@@ -400,6 +475,8 @@
           env:
             - name: REDIS_ALIAS
               value: redis
+            - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+              value: :9121
             - name: REDIS_USER
               value: default
             - name: REDIS_PASSWORD
@@ -410,10 +487,36 @@
           ports:
             - name: metrics
               containerPort: 9121
+          livenessProbe:
+            failureThreshold: 5
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+            tcpSocket:
+              port: metrics
+          readinessProbe:
+            failureThreshold: 3
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+            httpGet:
+              path: /
+              port: metrics
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: app-tmp-dir
       volumes:
         - name: start-scripts
           configMap:
@@ -426,9 +529,7 @@
         - name: config
           configMap:
             name: redis-configuration
-        - name: redis-tmp-conf
-          emptyDir: {}
-        - name: tmp
+        - name: empty-dir
           emptyDir: {}
         - name: redis-data
           persistentVolumeClaim:
@@ -441,18 +542,18 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 spec:
   endpoints:
     - port: http-metrics
       interval: 30s
   namespaceSelector:
     matchNames:
-      - default
+      - "default"
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: metrics

[github-actions]

Path: cluster/core/databases/redis/helm-release.yaml
Version: 17.3.5 -> 19.5.3

@@ -1,14 +1,61 @@
-# Source: redis/templates/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
+# Source: redis/templates/networkpolicy.yaml
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
 metadata:
   name: redis
   namespace: "default"
   labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: redis
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+  policyTypes:
+    - Ingress
+    - Egress
+  egress:
+    - {}
+  ingress:
+    # Allow inbound connections
+    - ports:
+        - port: 6379
+    # Allow prometheus scrapes for metrics
+    - ports:
+        - port: 9121
+---
+# Source: redis/templates/master/pdb.yaml
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
+    app.kubernetes.io/component: master
+spec:
+  maxUnavailable: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
+      app.kubernetes.io/component: master
+---
+# Source: redis/templates/master/serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: false
+metadata:
+  name: redis-master
+  namespace: "default"
+  labels:
+    app.kubernetes.io/instance: redis
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/secret.yaml
 apiVersion: v1
@@ -17,9 +64,9 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 type: Opaque
 data:
   redis-password: "JHtTRUNSRVRfUkVESVNfUEFTU1dPUkR9"
@@ -31,9 +78,9 @@
   name: redis-configuration
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   redis.conf: |-
     # User-supplied common configuration:
@@ -62,9 +109,9 @@
   name: redis-health
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   ping_readiness_local.sh: |-
     #!/bin/bash
@@ -72,7 +119,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -92,7 +139,7 @@
     [[ -f $REDIS_PASSWORD_FILE ]] && export REDIS_PASSWORD="$(< "${REDIS_PASSWORD_FILE}")"
     [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h localhost \
         -p $REDIS_PORT \
@@ -113,7 +160,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -133,7 +180,7 @@
     [[ -f $REDIS_MASTER_PASSWORD_FILE ]] && export REDIS_MASTER_PASSWORD="$(< "${REDIS_MASTER_PASSWORD_FILE}")"
     [[ -n "$REDIS_MASTER_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_MASTER_PASSWORD"
     response=$(
-      timeout -s 3 $1 \
+      timeout -s 15 $1 \
       redis-cli \
         -h $REDIS_MASTER_HOST \
         -p $REDIS_MASTER_PORT_NUMBER \
@@ -168,9 +215,9 @@
   name: redis-scripts
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 data:
   start-master.sh: |
     #!/bin/bash
@@ -196,10 +243,9 @@
   name: redis-headless
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
-  annotations:
+    app.kubernetes.io/name: redis
 spec:
   type: ClusterIP
   clusterIP: None
@@ -208,8 +254,8 @@
       port: 6379
       targetPort: redis
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/service.yaml
 apiVersion: v1
@@ -218,9 +264,9 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   type: ClusterIP
@@ -232,8 +278,8 @@
       targetPort: redis
       nodePort: null
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 ---
 # Source: redis/templates/metrics-svc.yaml
@@ -243,9 +289,9 @@
   name: redis-metrics
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: metrics
 spec:
   type: ClusterIP
@@ -255,8 +301,8 @@
       protocol: TCP
       targetPort: metrics
   selector:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
+    app.kubernetes.io/name: redis
 ---
 # Source: redis/templates/master/application.yaml
 apiVersion: apps/v1
@@ -265,39 +311,42 @@
   name: redis-master
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
     app.kubernetes.io/component: master
 spec:
   replicas: 1
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: master
   serviceName: redis-headless
   updateStrategy:
-    rollingUpdate: {}
     type: RollingUpdate
   template:
     metadata:
       labels:
-        app.kubernetes.io/name: redis
         app.kubernetes.io/instance: redis
         app.kubernetes.io/managed-by: Helm
+        app.kubernetes.io/name: redis
         app.kubernetes.io/component: master
       annotations:
-        checksum/configmap: b55f312b2062b1f194f602f7bc278534fc59a776407a40c7c7ddf8f21acf4b8c
-        checksum/health: 76146d0a8f8571680c57312c32f5af572c535d3d4aaff7ff18bad86d272eb7ad
-        checksum/scripts: 520130be832daed123eefb6f195f7972853fcddaca577a8f3911a429d7aea24e
-        checksum/secret: 06fc0ebc9fa8fae9aa13ce05cc08b295e2bb91034ee6f79bfa091d17a0541c05
+        checksum/configmap: 86bcc953bb473748a3d3dc60b7c11f34e60c93519234d4c37f42e22ada559d47
+        checksum/health: aff24913d801436ea469d8d374b2ddb3ec4c43ee7ab24663d5f8ff1a1b6991a9
+        checksum/scripts: 560c33ff34d845009b51830c332aa05fa211444d1877d3526d3599be7543aaa5
+        checksum/secret: e02b67d540ccd6de3d6095c8d3ab7d3874da72c10ec88f23fe15d1a500ee176e
         prometheus.io/port: "9121"
         prometheus.io/scrape: "true"
     spec:
       securityContext:
         fsGroup: 1001
-      serviceAccountName: redis
+        fsGroupChangePolicy: Always
+        supplementalGroups: []
+        sysctls: []
+      serviceAccountName: redis-master
+      automountServiceAccountToken: false
       affinity:
         podAffinity:
         podAntiAffinity:
@@ -305,21 +354,30 @@
             - podAffinityTerm:
                 labelSelector:
                   matchLabels:
-                    app.kubernetes.io/name: redis
                     app.kubernetes.io/instance: redis
+                    app.kubernetes.io/name: redis
                     app.kubernetes.io/component: master
-                namespaces:
-                  - "default"
                 topologyKey: kubernetes.io/hostname
               weight: 1
         nodeAffinity:
+      enableServiceLinks: true
       terminationGracePeriodSeconds: 30
       containers:
         - name: redis
-          image: docker.io/bitnami/redis:7.0.5-debian-11-r7
+          image: docker.io/bitnami/redis:7.2.5-debian-12-r0
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
           args:
@@ -368,8 +426,14 @@
                 - -c
                 - /health/ping_readiness_local.sh 1
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
             - name: start-scripts
               mountPath: /opt/bitnami/scripts/start-scripts
@@ -377,18 +441,29 @@
               mountPath: /health
             - name: redis-data
               mountPath: /data
-              subPath:
             - name: config
               mountPath: /opt/bitnami/redis/mounted-etc
-            - name: redis-tmp-conf
+            - name: empty-dir
               mountPath: /opt/bitnami/redis/etc/
-            - name: tmp
+              subPath: app-conf-dir
+            - name: empty-dir
               mountPath: /tmp
+              subPath: tmp-dir
         - name: metrics
-          image: docker.io/bitnami/redis-exporter:1.44.0-debian-11-r16
+          image: docker.io/bitnami/redis-exporter:1.60.0-debian-12-r1
           imagePullPolicy: "IfNotPresent"
           securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 1001
+            runAsNonRoot: true
             runAsUser: 1001
+            seLinuxOptions: {}
+            seccompProfile:
+              type: RuntimeDefault
           command:
             - /bin/bash
             - -c
@@ -400,6 +475,8 @@
           env:
             - name: REDIS_ALIAS
               value: redis
+            - name: REDIS_EXPORTER_WEB_LISTEN_ADDRESS
+              value: :9121
             - name: REDIS_USER
               value: default
             - name: REDIS_PASSWORD
@@ -410,10 +487,36 @@
           ports:
             - name: metrics
               containerPort: 9121
+          livenessProbe:
+            failureThreshold: 5
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 5
+            tcpSocket:
+              port: metrics
+          readinessProbe:
+            failureThreshold: 3
+            initialDelaySeconds: 5
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+            httpGet:
+              path: /
+              port: metrics
           resources:
-            limits: {}
-            requests: {}
+            limits:
+              cpu: 150m
+              ephemeral-storage: 1024Mi
+              memory: 192Mi
+            requests:
+              cpu: 100m
+              ephemeral-storage: 50Mi
+              memory: 128Mi
           volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: app-tmp-dir
       volumes:
         - name: start-scripts
           configMap:
@@ -426,9 +529,7 @@
         - name: config
           configMap:
             name: redis-configuration
-        - name: redis-tmp-conf
-          emptyDir: {}
-        - name: tmp
+        - name: empty-dir
           emptyDir: {}
         - name: redis-data
           persistentVolumeClaim:
@@ -441,18 +542,18 @@
   name: redis
   namespace: "default"
   labels:
-    app.kubernetes.io/name: redis
     app.kubernetes.io/instance: redis
     app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: redis
 spec:
   endpoints:
     - port: http-metrics
       interval: 30s
   namespaceSelector:
     matchNames:
-      - default
+      - "default"
   selector:
     matchLabels:
-      app.kubernetes.io/name: redis
       app.kubernetes.io/instance: redis
+      app.kubernetes.io/name: redis
       app.kubernetes.io/component: metrics