[bitnami/redis] Sentinel container CrashLoopBackOff when sentinel.externalAccess is enabled

[achar007]

Name and Version

bitnami/redis 7.4.2

What architecture are you using?

amd64

What steps will reproduce the bug?

helm install myredis bitnami/redis -n redis -f values.yml

# NAME: myredis
# LAST DEPLOYED: Mon Mar 17 10:04:42 2025
# NAMESPACE: redis
# STATUS: deployed
# REVISION: 1
# TEST SUITE: None
# NOTES:
# CHART NAME: redis
# CHART VERSION: 20.11.3
# APP VERSION: 7.4.2

# Did you know there are enterprise versions of the Bitnami catalog? For enhanced secure software supply chain features, unlimited pulls from Docker, LTS support, or application customization, see Bitnami Premium or Tanzu Application Catalog. See https://www.arrow.com/globalecs/na/vendors/bitnami for more information.

# ** Please be patient while the chart is being deployed **

# Redis® can be accessed via port 6379 on the following DNS name from within your cluster:

#     myredis.redis.svc.cluster.local for read only operations

# For read/write operations, first access the Redis® Sentinel cluster, which is available in port 26379 using the same domain name above.



# To get your password run:

#     export REDIS_PASSWORD=$(kubectl get secret --namespace redis myredis -o jsonpath="{.data.redis-password}" | base64 -d)

# To connect to your Redis® server:

# 1. Run a Redis® pod that you can use as a client:

#    kubectl run --namespace redis redis-client --restart='Never'  --env REDIS_PASSWORD=$REDIS_PASSWORD  --image docker.io/bitnami/redis:7.4.2-debian-12-r4 --command -- sleep infinity

#    Use the following command to attach to the pod:

#    kubectl exec --tty -i redis-client \
#    --namespace redis -- bash

# 2. Connect using the Redis® CLI:
#    REDISCLI_AUTH="$REDIS_PASSWORD" redis-cli -h myredis -p 6379 # Read only operations
#    REDISCLI_AUTH="$REDIS_PASSWORD" redis-cli -h myredis -p 26379 # Sentinel access

# To connect to your database from outside the cluster execute the following commands:

#     kubectl port-forward --namespace redis svc/myredis 6379:6379 &
#     REDISCLI_AUTH="$REDIS_PASSWORD" redis-cli -h 127.0.0.1 -p 6379

Are you using any custom parameters or values?

architecture: replication
auth:
  enabled: TRUE
  sentinel: TRUE
  password: "secret"  # Replace with a secure password

replica:
  replicaCount: 3
  persistence:
    enabled: TRUE
    storageClass: nfs-lab
  automountServiceAccountToken: TRUE

sentinel:
  enabled: TRUE
  quorum: 2
  persistence:
    enabled: TRUE
    storageClass: nfs-lab
  masterSet: mymaster
  #masterService:
    #enabled: TRUE
    #type: LoadBalancer
    #loadBalancerIP: ""
  externalAccess:
    enabled: TRUE
    service:
      type: LoadBalancer
      loadBalancerIP: []

serviceAccount:
  create: TRUE

rbac:
  create: TRUE

metrics:
  enabled: true

What is the expected behavior?

Each Redis pod should contain three running containers:

Redis
Sentinel
Exporter

What do you see instead?

Only the Redis and Exporter containers are running. The Sentinel container fails to start.

kubectl -n redis get all

# NAME                 READY   STATUS    RESTARTS         AGE
# pod/myredis-node-0   2/3     Running   12 (5m20s ago)   38m

# NAME                       TYPE           CLUSTER-IP      EXTERNAL-IP     PORT(S)                          AGE
# service/myredis            ClusterIP      10.43.221.194   <none>          6379/TCP,26379/TCP               38m
# service/myredis-0-svc      LoadBalancer   10.43.11.59     10.11.180.229   6379:32346/TCP,26379:30619/TCP   38m
# service/myredis-1-svc      LoadBalancer   10.43.105.122   10.11.180.232   6379:30365/TCP,26379:30948/TCP   38m
# service/myredis-2-svc      LoadBalancer   10.43.239.245   10.11.180.228   6379:32419/TCP,26379:31470/TCP   38m
# service/myredis-headless   ClusterIP      None            <none>          6379/TCP,26379/TCP               38m
# service/myredis-metrics    ClusterIP      10.43.84.43     <none>          9121/TCP                         38m

# NAME                            READY   AGE
# statefulset.apps/myredis-node   0/3     38m

kubectl -n redis logs myredis-node-0 -c sentinel
#  10:38:11.20 INFO  ==> Found previous master  in /opt/bitnami/redis-sentinel/etc/sentinel.conf
#  10:38:11.23 INFO  ==> about to run the command: REDISCLI_AUTH=$REDIS_PASSWORD timeout 90 redis-cli -h myredis.redis.svc.cluster.local -p 26379 sentinel get-master-addr-by-name mymaster
# Could not connect to Redis at myredis.redis.svc.cluster.local:26379: Connection refused
# Could not connect to Redis at myredis.redis.svc.cluster.local:26379: Connection refused
#  10:38:21.55 ERROR ==> Redis master host is configured incorrectly (host: , port: 6379)

Additional information

• The StatefulSet is not fully ready (0/3 pods available).
• The Sentinel container appears to be failing due to a misconfiguration in detecting the Redis master.
• The Redis services are exposed via LoadBalancer, but Sentinel is unable to establish a connection.

Request for Assistance

• Is this a known issue with the chart?
• Are there additional configurations required to ensure the Sentinel container starts successfully?

[achar007]

unkls,

I came across your PR on enabling externalAccess for Sentinel: [bitnami/charts#32190](#32190).

Could you help me understand the intended use case for externalAccess in Sentinel? I'm encountering issues where it's not working as expected in my setup. I'd appreciate any insights on what configuration I might be missing to achieve external access for Sentinel.

Thanks in advance!