Redis Configuration
NetBox uses Redis for caching and as a task queue for background workers. The operator supports two modes:
- Internal (default): Managed by the Redis Operator, installed as a chart dependency
- External: Connect to an existing Redis instance
Internal Redis (Default)
When redis.external: false (the default), the operator deploys a Redis cluster managed by the Redis Operator.
| Key | Type | Default | Description |
|---|---|---|---|
| redis.external | bool | false | Use internal Redis |
| redis.name | string | redis | Redis instance name |
| redis.clusterSize | uint8 | 0 | Number of Redis replicas. 0 auto-scales to min(nodes, 3) (0-255) |
| redis.persistence | bool | true | Enable data persistence |
| redis.requireAuth | bool | false | Require authentication |
| redis.resources.cpu | int | - | CPU request in millicores (optional) |
| redis.resources.memory | int | - | Memory request in MiB (optional) |
| redis.limits.cpu | int | - | CPU limit in millicores (optional) |
| redis.limits.memory | int | - | Memory limit in MiB (optional) |
| redis.storageClassName | string | - | Storage class for Redis PVCs |
| redis.storageSize | string | 1Gi | Storage size for Redis PVCs (when persistence is enabled) |
When resources or limits are not set, no resource requests or limits are applied to Redis pods, so the Kubernetes defaults apply. Set limits to prevent Redis from consuming excessive node resources.
Example with redundancy and resource limits:
```yaml
netboxEnterprise:
  spec:
    redis:
      external: false
      clusterSize: 3
      persistence: true
      storageSize: "2Gi"
      resources:
        cpu: 250
        memory: 256
      limits:
        cpu: 500
        memory: 512
```
Memory and persistence tuning
These fields apply only to internal (operator-managed) Redis. They let you cap Redis memory, choose how it behaves when full, and control append-only file (AOF) persistence without rebuilding the operator.
| Key | Type | Default | Description |
|---|---|---|---|
| redis.aofEnabled | bool | - | Enable AOF persistence. false avoids the OOM restart loop: a restart does not replay the AOF log to re-fill memory, and RDB snapshots still preserve the NetBox cache. true maximizes write durability. Omit to leave the Redis default unchanged. |
| redis.maxMemoryPercent | uint8 | - | Cap Redis memory at N% (0-100) of redis.limits.memory, emitted as a maxmemory directive. No-op when redis.limits.memory is unset. |
| redis.maxMemoryPolicy | enum | - | Key eviction policy when maxmemory is reached: noeviction, allkeys-lru, volatile-lru, allkeys-random, volatile-random, volatile-ttl, allkeys-lfu, volatile-lfu. Defaults to noeviction (reject writes) when unset. |
| redis.dynamicConfig | list | - | Extra Redis config directives appended to the managed ConfigMap. Applied on the next pod roll, not live. Prefer the typed fields above where they cover the need. |
| redis.additionalConfig | string | - | Raw Redis config directives appended verbatim after the typed fields. Redis uses the last occurrence, so raw directives take precedence. |
Setting redis.dynamicConfig changes the managed ConfigMap, so the operator rolls the Redis pod once on upgrade to apply the directives. This is expected and needs no action.
To cap memory and avoid the OOM restart loop on a memory-limited cluster:
```yaml
netboxEnterprise:
  spec:
    redis:
      external: false
      aofEnabled: false
      maxMemoryPercent: 80
      maxMemoryPolicy: allkeys-lru
      limits:
        cpu: 500
        memory: 512
```
External Redis
Set redis.external: true to use an externally managed Redis instance.
When external, provide connection details through netbox.config.redis:
```yaml
netboxEnterprise:
  spec:
    redis:
      external: true
    netbox:
      config:
        redis:
          host: "redis.example.com"
          port: 6379
          username: "netbox"  # Optional, Redis 6.0+ ACL
          password:
            name: redis-credentials
            key: password
```
You can disable the Redis Operator entirely:
```yaml
redis-operator:
  enabled: false
```
TLS Configuration
Configure TLS for connections to external Redis:
| Key | Type | Default | Description |
|---|---|---|---|
| redis.tlsConfig.insecureSkipVerify | bool | false | Skip TLS verification (dev only) |
| redis.tlsConfig.keychainCaCertificates | list | - | CA certificate names from tlsKeychain |
| redis.tlsConfig.keychainClientCertificate | string | - | Client certificate name from tlsKeychain |
Example with TLS:
```yaml
netboxEnterprise:
  spec:
    redis:
      external: true
      tlsConfig:
        keychainCaCertificates:
          - my-redis-ca
    tlsKeychain:
      caCertificateSecrets:
        - name: my-redis-ca
          secret: redis-ca-cert
          key: ca.crt
```
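The settings above interact in ways that are easy to miss in review: authentication is off by default for internal Redis, maxMemoryPercent does nothing without limits.memory, raw additionalConfig directives win over typed fields, and insecureSkipVerify disables certificate checks. The Python check below is an added example, not part of the operator or its documentation; the function name, the finding codes, and the mapping from typed fields to Redis directive names are assumptions made for illustration.

```python
# Added example: audit parsed values against the Redis settings on this page.
# Assumed mapping from typed fields to the Redis directive each one emits.
TYPED_TO_DIRECTIVE = {
    "maxMemoryPercent": "maxmemory",
    "maxMemoryPolicy": "maxmemory-policy",
    "aofEnabled": "appendonly",
}


def audit_redis(values):
    """Return sorted finding codes (hypothetical names) for spec.redis."""
    redis = values.get("netboxEnterprise", {}).get("spec", {}).get("redis", {})
    findings = set()
    if redis.get("external", False):
        # External mode: flag disabled certificate verification.
        if redis.get("tlsConfig", {}).get("insecureSkipVerify", False):
            findings.add("tls-verification-disabled")
        return sorted(findings)
    # Internal (operator-managed) mode from here on.
    if not redis.get("requireAuth", False):  # documented default is false
        findings.add("auth-not-required")
    if redis.get("limits", {}).get("memory") is None:
        findings.add("no-memory-limit")
        if "maxMemoryPercent" in redis:  # documented no-op without limits.memory
            findings.add("maxmemory-percent-is-noop")
    # Redis keeps the last occurrence, so raw directives shadow typed fields.
    raw = {
        line.split()[0].lower()
        for line in redis.get("additionalConfig", "").splitlines()
        if line.strip() and not line.lstrip().startswith("#")
    }
    for field, directive in TYPED_TO_DIRECTIVE.items():
        if field in redis and directive in raw:
            findings.add("raw-overrides-" + field)
    return sorted(findings)


# Constructed sample: values as they would look after parsing a values file.
SAMPLE = {"netboxEnterprise": {"spec": {"redis": {
    "external": False,
    "maxMemoryPercent": 80,
    "maxMemoryPolicy": "allkeys-lru",
    "additionalConfig": "# tuning\nmaxmemory-policy noeviction\n",
}}}}

if __name__ == "__main__":
    for finding in audit_redis(SAMPLE):
        print(finding)
```

Run it in CI against the parsed values file before an upgrade; an empty list means none of the documented pitfalls were detected.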
Redis Database Allocation
NetBox and Diode use separate Redis databases within the same instance:
| Database | Purpose |
|---|---|
| 0 | Diode reconciler |
| 1 | Diode ingester streams |
| Default | NetBox caching and task queue |
These database numbers are configurable in the Diode configuration section.
Next Steps
- Diode - Data ingestion pipeline that uses Redis streams
- PostgreSQL - Database configuration