[bitnami/redis] Removes master/slave when using sentinel (#3658)

* Working version. FIXME remove echo and default values * Initial version * Bumps chart version * Removes sentinel from master and slave statefulsets * Move command scripts to a configmap * Bump chart version and README notes * Bumps version to major due to upgrade compatibility issues, adds info to README * Adds instructions on how to perform backup and restore to README Co-authored-by: rafael <rafael@bitnami.com>
2026-03-08 08:47:24 +08:00 · 2020-09-17 15:34:09 +02:00
parent f5ade078ad
commit 782f4bfbf0
6 changed files with 912 additions and 386 deletions
--- a/bitnami/redis/Chart.yaml
+++ b/bitnami/redis/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v1
 name: redis
-version: 10.9.0
+version: 11.0.0
 appVersion: 6.0.8
 description: Open source, advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets.
 keywords:
--- a/bitnami/redis/README.md
+++ b/bitnami/redis/README.md
@@ -449,6 +449,100 @@ By default, the chart mounts a [Persistent Volume](http://kubernetes.io/docs/use
 $ helm install my-release --set persistence.existingClaim=PVC_NAME bitnami/redis
 ```

+## Backup and restore
+
+### Backup
+
+To perform a backup you will need to connect to one of the nodes and execute:
+
+```bash
+$ kubectl exec -it my-redis-master-0 bash
+
+$ redis-cli
+127.0.0.1:6379> auth your_current_redis_password
+OK
+127.0.0.1:6379> save
+OK
+```
+
+Then you will need to get the created dump file form the redis node:
+
+```bash
+$ kubectl cp my-redis-master-0:/data/dump.rdb dump.rdb -c redis
+```
+
+### Restore
+
+To restore in a new cluster, you will need to change a parameter in the redis.conf file and then upload the `dump.rdb` to the volume.
+
+Follow the following steps:
+
+- First you will need to set in the `values.yaml` the parameter `appendonly` to `no`, if it is already `no` you can skip this step.
+
+
+```yaml
+configmap: |-
+  # Enable AOF https://redis.io/topics/persistence#append-only-file
+  appendonly no
+  # Disable RDB persistence, AOF persistence already enabled.
+  save ""
+```
+
+- Start the new cluster to create the PVCs.
+
+
+For example, :
+
+```bash
+helm install new-redis  -f values.yaml .  --set cluster.enabled=true  --set cluster.slaveCount=3
+```
+
+- Now that the PVC were created, stop it and copy the `dump.rdp` on the persisted data by using a helping pod.
+
+```
+$ helm delete new-redis
+
+$ kubectl run --generator=run-pod/v1 -i --rm --tty volpod --overrides='
+{
+    "apiVersion": "v1",
+    "kind": "Pod",
+    "metadata": {
+        "name": "redisvolpod"
+    },
+    "spec": {
+        "containers": [{
+            "command": [
+                "tail",
+                "-f",
+                "/dev/null"
+            ],
+            "image": "bitnami/minideb",
+            "name": "mycontainer",
+            "volumeMounts": [{
+                "mountPath": "/mnt",
+                "name": "redisdata"
+            }]
+        }],
+        "restartPolicy": "Never",
+        "volumes": [{
+            "name": "redisdata",
+            "persistentVolumeClaim": {
+                "claimName": "redis-data-new-redis-master-0"
+            }
+        }]
+    }
+}' --image="bitnami/minideb"
+
+$ kubectl cp dump.rdb redisvolpod:/mnt/dump.rdb
+$ kubectl delete pod volpod
+```
+
+- Start again the cluster:
+
+```
+helm install new-redis  -f values.yaml .  --set cluster.enabled=true  --set cluster.slaveCount=3
+```
+
 ## NetworkPolicy

 To enable network policy for Redis, install
@@ -480,6 +574,10 @@ networkPolicy:
 A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an
 incompatible breaking change needing manual actions.

+### To 11.0.0
+
+When using sentinel, a new statefulset called `-node` was introduced. This will break upgrading from a previous version where the statefulsets are called master and slave. Hence the PVC will not match the new naming and won't be reused. If you want to keep your data, you will need to perform a backup and then a restore the data in this new version.
+
 ### To 10.0.0

 For releases with `usePassword: true`, the value `sentinel.usePassword` controls whether the password authentication also applies to the sentinel port. This defaults to `true` for a secure configuration, however it is possible to disable to account for the following cases:
@@ -555,6 +653,9 @@ kubectl patch deployments my-release-redis-metrics --type=json -p='[{"op": "remo

 ## Notable changes

+### 11.0.0
+When deployed with sentinel enabled, only a group of nodes is deployed and the master/slave role is handled in the group. To avoid breaking the compatibility, the settings for this nodes are given through the `slave.xxxx` parameters in `values.yaml`
+
 ### 9.0.0
 The metrics exporter has been changed from a separate deployment to a sidecar container, due to the latest changes in the Redis exporter code. Check the [official page](https://github.com/oliver006/redis_exporter/) for more information. The metrics container image was changed from oliver006/redis_exporter to bitnami/redis-exporter (Bitnami's maintained package of oliver006/redis_exporter).

--- a/bitnami/redis/templates/configmap-scripts.yaml
+++ b/bitnami/redis/templates/configmap-scripts.yaml
@@ -0,0 +1,342 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ template "redis.fullname" . }}-scripts
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: {{ template "redis.name" . }}
+    chart: {{ template "redis.chart" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+data:
+{{- if and .Values.cluster.enabled .Values.sentinel.enabled }}
+  start-node.sh: |
+    #!/bin/bash
+    is_boolean_yes() {
+        local -r bool="${1:-}"
+        # comparison is performed without regard to the case of alphabetic characters
+        shopt -s nocasematch
+        if [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then
+            true
+        else
+            false
+        fi
+    }
+
+    export REDIS_REPLICATION_MODE="slave"
+    if [[ $HOSTNAME =~ (.*)-([0-9]+)$ ]]; then
+      if [[ ${BASH_REMATCH[2]} == "0" ]]; then
+        if [[ ! -f /data/redisboot.lock ]]; then
+          export REDIS_REPLICATION_MODE="master"
+        else
+          if is_boolean_yes "$REDIS_TLS_ENABLED"; then
+            sentinel_info_command="redis-cli -a $REDIS_PASSWORD -h {{ template "redis.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} -p {{ .Values.sentinel.port }} --tls --cert ${REDIS_TLS_CERT_FILE} --key ${REDIS_TLS_KEY_FILE} --cacert ${REDIS_TLS_CA_FILE} info"
+          else
+            sentinel_info_command="redis-cli -a $REDIS_PASSWORD -h {{ template "redis.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} -p {{ .Values.sentinel.port }} info"
+          fi
+          if [[ ! ($($sentinel_info_command)) ]]; then
+             export REDIS_REPLICATION_MODE="master"
+             rm /data/redisboot.lock
+          fi
+        fi
+      fi
+    fi
+
+    {{- if (eq (.Values.securityContext.runAsUser | int) 0) }}
+    useradd redis
+    chown -R redis {{ .Values.slave.persistence.path }}
+    {{- end }}
+
+    if [[ -n $REDIS_PASSWORD_FILE ]]; then
+      password_aux=`cat ${REDIS_PASSWORD_FILE}`
+      export REDIS_PASSWORD=$password_aux
+    fi
+
+    if [[ -n $REDIS_MASTER_PASSWORD_FILE ]]; then
+      password_aux=`cat ${REDIS_MASTER_PASSWORD_FILE}`
+      export REDIS_MASTER_PASSWORD=$password_aux
+    fi
+
+    if [[ "$REDIS_REPLICATION_MODE" == "master" ]]; then
+      echo "I am master"
+      if [[ ! -f /opt/bitnami/redis/etc/master.conf ]];then
+        cp /opt/bitnami/redis/mounted-etc/master.conf /opt/bitnami/redis/etc/master.conf
+      fi
+    else
+      if [[ ! -f /opt/bitnami/redis/etc/replica.conf ]];then
+        cp /opt/bitnami/redis/mounted-etc/replica.conf /opt/bitnami/redis/etc/replica.conf
+      fi
+
+      if is_boolean_yes "$REDIS_TLS_ENABLED"; then
+        sentinel_info_command="redis-cli -a $REDIS_PASSWORD -h {{ template "redis.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} -p {{ .Values.sentinel.port }} --tls --cert ${REDIS_TLS_CERT_FILE} --key ${REDIS_TLS_KEY_FILE} --cacert ${REDIS_TLS_CA_FILE} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}"
+      else
+        sentinel_info_command="redis-cli -a $REDIS_PASSWORD -h {{ template "redis.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} -p {{ .Values.sentinel.port }} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}"
+      fi
+      REDIS_SENTINEL_INFO=($($sentinel_info_command))
+      REDIS_MASTER_HOST=${REDIS_SENTINEL_INFO[0]}
+      REDIS_MASTER_PORT_NUMBER=${REDIS_SENTINEL_INFO[1]}
+    fi
+
+    if [[ ! -f /opt/bitnami/redis/etc/redis.conf ]];then
+      cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf
+    fi
+    {{- if .Values.tls.enabled }}
+    ARGS=("--port" "0")
+    ARGS+=("--tls-port" "${REDIS_TLS_PORT}")
+    ARGS+=("--tls-cert-file" "${REDIS_TLS_CERT_FILE}")
+    ARGS+=("--tls-key-file" "${REDIS_TLS_KEY_FILE}")
+    ARGS+=("--tls-ca-cert-file" "${REDIS_TLS_CA_FILE}")
+    ARGS+=("--tls-auth-clients" "${REDIS_TLS_AUTH_CLIENTS}")
+    ARGS+=("--tls-replication" "yes")
+    {{- if .Values.tls.dhParamsFilename }}
+    ARGS+=("--tls-dh-params-file" "${REDIS_TLS_DH_PARAMS_FILE}")
+    {{- end }}
+    {{- else }}
+    ARGS=("--port" "${REDIS_PORT}")
+    {{- end }}
+
+    if [[ "$REDIS_REPLICATION_MODE" == "slave" ]]; then
+      ARGS+=("--slaveof" "${REDIS_MASTER_HOST}" "${REDIS_MASTER_PORT_NUMBER}")
+    fi
+
+    {{- if .Values.usePassword }}
+    ARGS+=("--requirepass" "${REDIS_PASSWORD}")
+    ARGS+=("--masterauth" "${REDIS_MASTER_PASSWORD}")
+    {{- else }}
+    ARGS+=("--protected-mode" "no")
+    {{- end }}
+
+    if [[ "$REDIS_REPLICATION_MODE" == "master" ]]; then
+      ARGS+=("--include" "/opt/bitnami/redis/etc/master.conf")
+    else
+      ARGS+=("--include" "/opt/bitnami/redis/etc/replica.conf")
+    fi
+
+    ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf")
+    {{- if .Values.slave.extraFlags }}
+    {{- range .Values.slave.extraFlags }}
+    ARGS+=({{ . | quote }})
+    {{- end }}
+    {{- end }}
+
+    touch /data/redisboot.lock
+    {{- if .Values.slave.command }}
+    {{ .Values.slave.command }} "${ARGS[@]}"
+    {{- else }}
+    redis-server "${ARGS[@]}"
+    {{- end }}
+
+  start-sentinel.sh: |
+    #!/bin/bash
+    replace_in_file() {
+        local filename="${1:?filename is required}"
+        local match_regex="${2:?match regex is required}"
+        local substitute_regex="${3:?substitute regex is required}"
+        local posix_regex=${4:-true}
+
+        local result
+
+        # We should avoid using 'sed in-place' substitutions
+        # 1) They are not compatible with files mounted from ConfigMap(s)
+        # 2) We found incompatibility issues with Debian10 and "in-place" substitutions
+        del=$'\001' # Use a non-printable character as a 'sed' delimiter to avoid issues
+        if [[ $posix_regex = true ]]; then
+            result="$(sed -E "s${del}${match_regex}${del}${substitute_regex}${del}g" "$filename")"
+        else
+            result="$(sed "s${del}${match_regex}${del}${substitute_regex}${del}g" "$filename")"
+        fi
+        echo "$result" > "$filename"
+    }
+    sentinel_conf_set() {
+        local -r key="${1:?missing key}"
+        local value="${2:-}"
+
+        # Sanitize inputs
+        value="${value//\\/\\\\}"
+        value="${value//&/\\&}"
+        value="${value//\?/\\?}"
+        [[ "$value" = "" ]] && value="\"$value\""
+
+        replace_in_file "/opt/bitnami/redis-sentinel/etc/sentinel.conf" "^#*\s*${key} .*" "${key} ${value}" false
+    }
+    is_boolean_yes() {
+        local -r bool="${1:-}"
+        # comparison is performed without regard to the case of alphabetic characters
+        shopt -s nocasematch
+        if [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then
+            true
+        else
+            false
+        fi
+    }
+
+    if [[ -n $REDIS_PASSWORD_FILE ]]; then
+      password_aux=`cat ${REDIS_PASSWORD_FILE}`
+      export REDIS_PASSWORD=$password_aux
+    fi
+
+    if [[ ! -f /opt/bitnami/redis-sentinel/etc/sentinel.conf ]]; then
+      cp /opt/bitnami/redis-sentinel/mounted-etc/sentinel.conf /opt/bitnami/redis-sentinel/etc/sentinel.conf
+      {{- if .Values.usePassword }}
+      printf "\nsentinel auth-pass {{ .Values.sentinel.masterSet }} $REDIS_PASSWORD" >> /opt/bitnami/redis-sentinel/etc/sentinel.conf
+      {{- if .Values.sentinel.usePassword }}
+      printf "\nrequirepass $REDIS_PASSWORD" >> /opt/bitnami/redis-sentinel/etc/sentinel.conf
+      {{- end }}
+      {{- end }}
+      {{- if .Values.sentinel.staticID }}
+      printf "\nsentinel myid $(echo $HOSTNAME | openssl sha1 | awk '{ print $2 }')" >> /opt/bitnami/redis-sentinel/etc/sentinel.conf
+      {{- end }}
+    fi
+
+    export REDIS_REPLICATION_MODE="slave"
+    if [[ $HOSTNAME =~ (.*)-([0-9]+)$ ]]; then
+      if [[ ${BASH_REMATCH[2]} == "0" ]]; then
+        if [[ ! -f /data/sentinelboot.lock ]]; then
+          export REDIS_REPLICATION_MODE="master"
+        else
+          if is_boolean_yes "$REDIS_TLS_ENABLED"; then
+            sentinel_info_command="redis-cli -a $REDIS_PASSWORD -h {{ template "redis.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} -p {{ .Values.sentinel.port }} --tls --cert ${REDIS_TLS_CERT_FILE} --key ${REDIS_TLS_KEY_FILE} --cacert ${REDIS_TLS_CA_FILE} info"
+          else
+            sentinel_info_command="redis-cli -a $REDIS_PASSWORD -h {{ template "redis.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} -p {{ .Values.sentinel.port }} info"
+          fi
+          if [[ ! ($($sentinel_info_command)) ]]; then
+             export REDIS_REPLICATION_MODE="master"
+             rm /data/sentinelboot.lock
+          fi
+        fi
+      fi
+    fi
+
+    if [[ "$REDIS_REPLICATION_MODE" == "master" ]]; then
+      sentinel_conf_set "sentinel monitor" "{{ .Values.sentinel.masterSet }} {{ template "redis.fullname" . }}-node-0.{{ template "redis.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} {{ .Values.redisPort }} {{ .Values.sentinel.quorum }}"
+    else
+      if is_boolean_yes "$REDIS_TLS_ENABLED"; then
+        sentinel_info_command="redis-cli -a $REDIS_PASSWORD -h {{ template "redis.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} -p {{ .Values.sentinel.port }} --tls --cert ${REDIS_TLS_CERT_FILE} --key ${REDIS_TLS_KEY_FILE} --cacert ${REDIS_TLS_CA_FILE} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}"
+      else
+        sentinel_info_command="redis-cli -a $REDIS_PASSWORD -h {{ template "redis.fullname" . }}-headless.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} -p {{ .Values.sentinel.port }} sentinel get-master-addr-by-name {{ .Values.sentinel.masterSet }}"
+      fi
+      REDIS_SENTINEL_INFO=($($sentinel_info_command))
+      REDIS_MASTER_HOST=${REDIS_SENTINEL_INFO[0]}
+      REDIS_MASTER_PORT_NUMBER=${REDIS_SENTINEL_INFO[1]}
+
+      sentinel_conf_set "sentinel monitor" "{{ .Values.sentinel.masterSet }} "$REDIS_MASTER_HOST" "$REDIS_MASTER_PORT_NUMBER" {{ .Values.sentinel.quorum }}"
+    fi
+
+    {{- if .Values.tls.enabled }}
+    ARGS=("--port" "0")
+    ARGS+=("--tls-port" "${REDIS_SENTINEL_TLS_PORT_NUMBER}")
+    ARGS+=("--tls-cert-file" "${REDIS_SENTINEL_TLS_CERT_FILE}")
+    ARGS+=("--tls-key-file" "${REDIS_SENTINEL_TLS_KEY_FILE}")
+    ARGS+=("--tls-ca-cert-file" "${REDIS_SENTINEL_TLS_CA_FILE}")
+    ARGS+=("--tls-replication" "yes")
+    ARGS+=("--tls-auth-clients" "${REDIS_SENTINEL_TLS_AUTH_CLIENTS}")
+    {{- if .Values.tls.dhParamsFilename }}
+    ARGS+=("--tls-dh-params-file" "${REDIS_SENTINEL_TLS_DH_PARAMS_FILE}")
+    {{- end }}
+    {{- end }}
+    touch /data/sentinelboot.lock
+    redis-server /opt/bitnami/redis-sentinel/etc/sentinel.conf --sentinel {{- if .Values.tls.enabled }} "${ARGS[@]}" {{- end }}
+{{- else }}
+  start-master.sh: |
+    #!/bin/bash
+    {{- if (eq (.Values.securityContext.runAsUser | int) 0) }}
+    useradd redis
+    chown -R redis {{ .Values.master.persistence.path }}
+    {{- end }}
+    if [[ -n $REDIS_PASSWORD_FILE ]]; then
+      password_aux=`cat ${REDIS_PASSWORD_FILE}`
+      export REDIS_PASSWORD=$password_aux
+    fi
+    if [[ ! -f /opt/bitnami/redis/etc/master.conf ]];then
+      cp /opt/bitnami/redis/mounted-etc/master.conf /opt/bitnami/redis/etc/master.conf
+    fi
+    if [[ ! -f /opt/bitnami/redis/etc/redis.conf ]];then
+      cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf
+    fi
+    {{- if .Values.tls.enabled }}
+    ARGS=("--port" "0")
+    ARGS+=("--tls-port" "${REDIS_TLS_PORT}")
+    ARGS+=("--tls-cert-file" "${REDIS_TLS_CERT_FILE}")
+    ARGS+=("--tls-key-file" "${REDIS_TLS_KEY_FILE}")
+    ARGS+=("--tls-ca-cert-file" "${REDIS_TLS_CA_FILE}")
+    ARGS+=("--tls-auth-clients" "${REDIS_TLS_AUTH_CLIENTS}")
+    {{- if .Values.tls.dhParamsFilename }}
+    ARGS+=("--tls-dh-params-file" "${REDIS_TLS_DH_PARAMS_FILE}")
+    {{- end }}
+    {{- else }}
+    ARGS=("--port" "${REDIS_PORT}")
+    {{- end }}
+    {{- if .Values.usePassword }}
+    ARGS+=("--requirepass" "${REDIS_PASSWORD}")
+    ARGS+=("--masterauth" "${REDIS_PASSWORD}")
+    {{- else }}
+    ARGS+=("--protected-mode" "no")
+    {{- end }}
+    ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf")
+    ARGS+=("--include" "/opt/bitnami/redis/etc/master.conf")
+    {{- if .Values.master.extraFlags }}
+    {{- range .Values.master.extraFlags }}
+    ARGS+=({{ . | quote }})
+    {{- end }}
+    {{- end }}
+    {{- if .Values.master.command }}
+    {{ .Values.master.command }} ${ARGS[@]}
+    {{- else }}
+    redis-server "${ARGS[@]}"
+    {{- end }}
+
+  start-slave.sh: |
+    #!/bin/bash
+    {{- if (eq (.Values.securityContext.runAsUser | int) 0) }}
+    useradd redis
+    chown -R redis {{ .Values.slave.persistence.path }}
+    {{- end }}
+    if [[ -n $REDIS_PASSWORD_FILE ]]; then
+      password_aux=`cat ${REDIS_PASSWORD_FILE}`
+      export REDIS_PASSWORD=$password_aux
+    fi
+    if [[ -n $REDIS_MASTER_PASSWORD_FILE ]]; then
+      password_aux=`cat ${REDIS_MASTER_PASSWORD_FILE}`
+      export REDIS_MASTER_PASSWORD=$password_aux
+    fi
+    if [[ ! -f /opt/bitnami/redis/etc/replica.conf ]];then
+      cp /opt/bitnami/redis/mounted-etc/replica.conf /opt/bitnami/redis/etc/replica.conf
+    fi
+    if [[ ! -f /opt/bitnami/redis/etc/redis.conf ]];then
+      cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf
+    fi
+    {{- if .Values.tls.enabled }}
+    ARGS=("--port" "0")
+    ARGS+=("--tls-port" "${REDIS_TLS_PORT}")
+    ARGS+=("--tls-cert-file" "${REDIS_TLS_CERT_FILE}")
+    ARGS+=("--tls-key-file" "${REDIS_TLS_KEY_FILE}")
+    ARGS+=("--tls-ca-cert-file" "${REDIS_TLS_CA_FILE}")
+    ARGS+=("--tls-auth-clients" "${REDIS_TLS_AUTH_CLIENTS}")
+    ARGS+=("--tls-replication" "yes")
+    {{- if .Values.tls.dhParamsFilename }}
+    ARGS+=("--tls-dh-params-file" "${REDIS_TLS_DH_PARAMS_FILE}")
+    {{- end }}
+    {{- else }}
+    ARGS=("--port" "${REDIS_PORT}")
+    {{- end }}
+    ARGS+=("--slaveof" "${REDIS_MASTER_HOST}" "${REDIS_MASTER_PORT_NUMBER}")
+    {{- if .Values.usePassword }}
+    ARGS+=("--requirepass" "${REDIS_PASSWORD}")
+    ARGS+=("--masterauth" "${REDIS_MASTER_PASSWORD}")
+    {{- else }}
+    ARGS+=("--protected-mode" "no")
+    {{- end }}
+    ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf")
+    ARGS+=("--include" "/opt/bitnami/redis/etc/replica.conf")
+    {{- if .Values.slave.extraFlags }}
+    {{- range .Values.slave.extraFlags }}
+    ARGS+=({{ . | quote }})
+    {{- end }}
+    {{- end }}
+    {{- if .Values.slave.command }}
+    {{ .Values.slave.command }} "${ARGS[@]}"
+    {{- else }}
+    redis-server "${ARGS[@]}"
+    {{- end }}
+
+{{- end -}}
--- a/bitnami/redis/templates/redis-master-statefulset.yaml
+++ b/bitnami/redis/templates/redis-master-statefulset.yaml
@@ -1,3 +1,4 @@
+{{- if and .Values.cluster.enabled (not .Values.sentinel.enabled) }}
 apiVersion: apps/v1
 kind: StatefulSet
 metadata:
@@ -77,52 +78,7 @@ spec:
          command:
            - /bin/bash
            - -c
-            - |
-              {{- if (eq (.Values.securityContext.runAsUser | int) 0) }}
-              useradd redis
-              chown -R redis {{ .Values.master.persistence.path }}
-              {{- end }}
-              if [[ -n $REDIS_PASSWORD_FILE ]]; then
-                password_aux=`cat ${REDIS_PASSWORD_FILE}`
-                export REDIS_PASSWORD=$password_aux
-              fi
-              if [[ ! -f /opt/bitnami/redis/etc/master.conf ]];then
-                cp /opt/bitnami/redis/mounted-etc/master.conf /opt/bitnami/redis/etc/master.conf
-              fi
-              if [[ ! -f /opt/bitnami/redis/etc/redis.conf ]];then
-                cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf
-              fi
-              {{- if .Values.tls.enabled }}
-              ARGS=("--port" "0")
-              ARGS+=("--tls-port" "${REDIS_TLS_PORT}")
-              ARGS+=("--tls-cert-file" "${REDIS_TLS_CERT_FILE}")
-              ARGS+=("--tls-key-file" "${REDIS_TLS_KEY_FILE}")
-              ARGS+=("--tls-ca-cert-file" "${REDIS_TLS_CA_FILE}")
-              ARGS+=("--tls-auth-clients" "${REDIS_TLS_AUTH_CLIENTS}")
-              {{- if .Values.tls.dhParamsFilename }}
-              ARGS+=("--tls-dh-params-file" "${REDIS_TLS_DH_PARAMS_FILE}")
-              {{- end }}
-              {{- else }}
-              ARGS=("--port" "${REDIS_PORT}")
-              {{- end }}
-              {{- if .Values.usePassword }}
-              ARGS+=("--requirepass" "${REDIS_PASSWORD}")
-              ARGS+=("--masterauth" "${REDIS_PASSWORD}")
-              {{- else }}
-              ARGS+=("--protected-mode" "no")
-              {{- end }}
-              ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf")
-              ARGS+=("--include" "/opt/bitnami/redis/etc/master.conf")
-              {{- if .Values.master.extraFlags }}
-              {{- range .Values.master.extraFlags }}
-              ARGS+=({{ . | quote }})
-              {{- end }}
-              {{- end }}
-              {{- if .Values.master.command }}
-              {{ .Values.master.command }} ${ARGS[@]}
-              {{- else }}
-              redis-server "${ARGS[@]}"
-              {{- end }}
+            - /opt/bitnami/scripts/start-scripts/start-master.sh
          env:
            - name: REDIS_REPLICATION_MODE
              value: master
@@ -212,6 +168,8 @@ spec:
          {{- end }}
          resources: {{- toYaml .Values.master.resources | nindent 12 }}
          volumeMounts:
+            - name: start-scripts
+              mountPath: /opt/bitnami/scripts/start-scripts
            - name: health
              mountPath: /health
            {{- if .Values.usePasswordFile }}
@@ -230,144 +188,6 @@ spec:
              mountPath: /opt/bitnami/redis/certs
              readOnly: true
            {{- end }}
-        {{- if and .Values.cluster.enabled .Values.sentinel.enabled }}
-        - name: sentinel
-          image: "{{ template "sentinel.image" . }}"
-          imagePullPolicy: {{ .Values.sentinel.image.pullPolicy | quote }}
-          {{- if .Values.securityContext.enabled }}
-          securityContext:
-            runAsUser: {{ .Values.securityContext.runAsUser }}
-          {{- end }}
-          command:
-            - /bin/bash
-            - -c
-            - |
-              if [[ -n $REDIS_PASSWORD_FILE ]]; then
-                password_aux=`cat ${REDIS_PASSWORD_FILE}`
-                export REDIS_PASSWORD=$password_aux
-              fi
-              if [[ ! -f /opt/bitnami/redis-sentinel/etc/sentinel.conf ]];then
-                cp /opt/bitnami/redis-sentinel/mounted-etc/sentinel.conf /opt/bitnami/redis-sentinel/etc/sentinel.conf
-                {{- if .Values.usePassword }}
-                printf "\nsentinel auth-pass {{ .Values.sentinel.masterSet }} $REDIS_PASSWORD" >> /opt/bitnami/redis-sentinel/etc/sentinel.conf
-                {{- if .Values.sentinel.usePassword }}
-                printf "\nrequirepass $REDIS_PASSWORD" >> /opt/bitnami/redis-sentinel/etc/sentinel.conf
-                {{- end }}
-                {{- end }}
-                {{- if .Values.sentinel.staticID }}
-                printf "\nsentinel myid $(echo $HOSTNAME | openssl sha1 | awk '{ print $2 }')" >> /opt/bitnami/redis-sentinel/etc/sentinel.conf
-                {{- end }}
-              fi
-              echo "Getting information about current running sentinels"
-              # Get information from existing sentinels
-              existing_sentinels=$(timeout -s 3 {{ .Values.sentinel.initialCheckTimeout }} redis-cli --raw -h {{ template "redis.fullname" . }} -a "$REDIS_PASSWORD" -p {{ .Values.sentinel.service.sentinelPort }} SENTINEL sentinels {{ .Values.sentinel.masterSet }})
-              echo "$existing_sentinels" | awk -f /health/parse_sentinels.awk | tee -a  /opt/bitnami/redis-sentinel/etc/sentinel.conf
-
-              {{- if .Values.tls.enabled }}
-              ARGS=("--port" "0")
-              ARGS+=("--tls-port" "${REDIS_SENTINEL_TLS_PORT_NUMBER}")
-              ARGS+=("--tls-cert-file" "${REDIS_SENTINEL_TLS_CERT_FILE}")
-              ARGS+=("--tls-key-file" "${REDIS_SENTINEL_TLS_KEY_FILE}")
-              ARGS+=("--tls-ca-cert-file" "${REDIS_SENTINEL_TLS_CA_FILE}")
-              ARGS+=("--tls-auth-clients" "${REDIS_SENTINEL_TLS_AUTH_CLIENTS}")
-              ARGS+=("--tls-replication" "yes")
-              {{- if .Values.tls.dhParamsFilename }}
-              ARGS+=("--tls-dh-params-file" "${REDIS_SENTINEL_TLS_DH_PARAMS_FILE}")
-              {{- end }}
-              {{- end }}
-
-              redis-server /opt/bitnami/redis-sentinel/etc/sentinel.conf --sentinel {{- if .Values.tls.enabled }} "${ARGS[@]}" {{- end }}
-          env:
-            {{- if .Values.usePassword }}
-            {{- if .Values.usePasswordFile }}
-            - name: REDIS_PASSWORD_FILE
-              value: "/opt/bitnami/redis/secrets/redis-password"
-            {{- else }}
-            - name: REDIS_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: {{ template "redis.secretName" . }}
-                  key: {{ template "redis.secretPasswordKey" . }}
-            {{- end }}
-            {{- else }}
-            - name: ALLOW_EMPTY_PASSWORD
-              value: "yes"
-            {{- end }}
-            - name: REDIS_SENTINEL_TLS_ENABLED
-              value: {{ ternary "yes" "no" .Values.tls.enabled | quote }}
-            {{- if .Values.tls.enabled }}
-            - name: REDIS_SENTINEL_TLS_PORT_NUMBER
-              value: {{ .Values.sentinel.port | quote }}
-            - name:  REDIS_SENTINEL_TLS_AUTH_CLIENTS
-              value: {{ ternary "yes" "no" .Values.tls.authClients | quote }}
-            - name:  REDIS_SENTINEL_TLS_CERT_FILE
-              value: {{ template "redis.tlsCert" . }}
-            - name:  REDIS_SENTINEL_TLS_KEY_FILE
-              value: {{ template "redis.tlsCertKey" . }}
-            - name:  REDIS_SENTINEL_TLS_CA_FILE
-              value: {{ template "redis.tlsCACert" . }}
-            {{- if .Values.tls.dhParamsFilename }}
-            - name:  REDIS_SENTINEL_TLS_DH_PARAMS_FILE
-              value: {{ template "redis.dhParams" . }}
-            {{- end }}
-            {{- else }}
-            - name: REDIS_SENTINEL_PORT
-              value: {{ .Values.sentinel.port | quote }}
-            {{- end }}
-          ports:
-            - name: redis-sentinel
-              containerPort: {{ .Values.sentinel.port }}
-          {{- if .Values.sentinel.livenessProbe.enabled }}
-          livenessProbe:
-            initialDelaySeconds: {{ .Values.sentinel.livenessProbe.initialDelaySeconds }}
-            periodSeconds: {{ .Values.sentinel.livenessProbe.periodSeconds }}
-            timeoutSeconds: {{ add1 .Values.sentinel.livenessProbe.timeoutSeconds }}
-            successThreshold: {{ .Values.sentinel.livenessProbe.successThreshold }}
-            failureThreshold: {{ .Values.sentinel.livenessProbe.failureThreshold }}
-            exec:
-              command:
-                - sh
-                - -c
-                - /health/ping_sentinel.sh {{ .Values.sentinel.livenessProbe.timeoutSeconds }}
-          {{- else if .Values.sentinel.customLivenessProbe }}
-          livenessProbe: {{- toYaml .Values.sentinel.customLivenessProbe | nindent 12 }}
-          {{- end }}
-          {{- if .Values.sentinel.readinessProbe.enabled}}
-          readinessProbe:
-            initialDelaySeconds: {{ .Values.sentinel.readinessProbe.initialDelaySeconds }}
-            periodSeconds: {{ .Values.sentinel.readinessProbe.periodSeconds }}
-            timeoutSeconds: {{ add1 .Values.sentinel.readinessProbe.timeoutSeconds }}
-            successThreshold: {{ .Values.sentinel.readinessProbe.successThreshold }}
-            failureThreshold: {{ .Values.sentinel.readinessProbe.failureThreshold }}
-            exec:
-              command:
-                - sh
-                - -c
-                - /health/ping_sentinel.sh {{ .Values.sentinel.readinessProbe.timeoutSeconds }}
-          {{- else if .Values.sentinel.customReadinessProbe }}
-          readinessProbe: {{- toYaml .Values.sentinel.customReadinessProbe | nindent 12 }}
-          {{- end }}
-          resources: {{- toYaml .Values.sentinel.resources | nindent 12 }}
-          volumeMounts:
-            - name: health
-              mountPath: /health
-            {{- if .Values.usePasswordFile }}
-            - name: redis-password
-              mountPath: /opt/bitnami/redis/secrets/
-            {{- end }}
-            - name: redis-data
-              mountPath: {{ .Values.master.persistence.path }}
-              subPath: {{ .Values.master.persistence.subPath }}
-            - name: config
-              mountPath: /opt/bitnami/redis-sentinel/mounted-etc
-            - name: sentinel-tmp-conf
-              mountPath: /opt/bitnami/redis-sentinel/etc/
-            {{- if .Values.tls.enabled }}
-            - name: redis-certificates
-              mountPath: /opt/bitnami/redis/certs
-              readOnly: true
-            {{- end }}
-        {{- end }}
  {{- if .Values.metrics.enabled }}
        - name: metrics
          image: {{ template "redis.metrics.image" . }}
@@ -444,6 +264,10 @@ spec:
      {{- end }}
      {{- end }}
      volumes:
+        - name: start-scripts
+          configMap:
+            name: {{ include "redis.fullname" . }}-scripts
+            defaultMode: 0755
        - name: health
          configMap:
            name: {{ template "redis.fullname" . }}-health
@@ -476,10 +300,6 @@ spec:
        {{- end }}
        - name: redis-tmp-conf
          emptyDir: {}
-        {{- if and .Values.cluster.enabled .Values.sentinel.enabled }}
-        - name: sentinel-tmp-conf
-          emptyDir: {}
-        {{- end }}
        {{- if .Values.tls.enabled }}
        - name: redis-certificates
          secret:
@@ -522,3 +342,5 @@ spec:
      partition: {{ .Values.master.statefulset.rollingUpdatePartition }}
    {{- end }}
    {{- end }}
+{{- end }}
+
--- a/bitnami/redis/templates/redis-node-statefulset.yaml
+++ b/bitnami/redis/templates/redis-node-statefulset.yaml
@@ -0,0 +1,450 @@
+{{- if and .Values.cluster.enabled .Values.sentinel.enabled }}
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: {{ template "redis.fullname" . }}-node
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: {{ template "redis.name" . }}
+    chart: {{ template "redis.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+{{- if .Values.slave.updateStrategy }}
+  strategy: {{- toYaml .Values.slave.updateStrategy | nindent 4 }}
+{{- end }}
+  replicas: {{ .Values.cluster.slaveCount }}
+  serviceName: {{ template "redis.fullname" . }}-headless
+  selector:
+    matchLabels:
+      app: {{ template "redis.name" . }}
+      release: {{ .Release.Name }}
+      role: node
+  template:
+    metadata:
+      labels:
+        app: {{ template "redis.name" . }}
+        release: {{ .Release.Name }}
+        chart: {{ template "redis.chart" . }}
+        role: node
+      {{- if .Values.slave.podLabels }}
+      {{- toYaml .Values.slave.podLabels | nindent 8 }}
+      {{- end }}
+      {{- if and .Values.metrics.enabled .Values.metrics.podLabels }}
+      {{- toYaml .Values.metrics.podLabels | nindent 8 }}
+      {{- end }}
+      annotations:
+        checksum/health: {{ include (print $.Template.BasePath "/health-configmap.yaml") . | sha256sum }}
+        checksum/configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+        checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
+      {{- if .Values.slave.podAnnotations }}
+      {{- toYaml .Values.slave.podAnnotations | nindent 8 }}
+      {{- end }}
+      {{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }}
+      {{- toYaml .Values.metrics.podAnnotations | nindent 8 }}
+      {{- end }}
+    spec:
+      {{- include "redis.imagePullSecrets" . | nindent 6 }}
+      {{- if .Values.securityContext.enabled }}
+      securityContext:
+        fsGroup: {{ .Values.securityContext.fsGroup }}
+        {{- if .Values.securityContext.sysctls }}
+        sysctls: {{- toYaml .Values.securityContext.sysctls | nindent 8 }}
+        {{- end }}
+      {{- end }}
+      serviceAccountName: {{ template "redis.serviceAccountName" . }}
+      {{- if .Values.slave.priorityClassName }}
+      priorityClassName: "{{ .Values.slave.priorityClassName }}"
+      {{- end }}
+      {{- if .Values.slave.nodeSelector }}
+      nodeSelector: {{- toYaml .Values.slave.nodeSelector | nindent 8 }}
+      {{- end }}
+      {{- if .Values.slave.tolerations }}
+      tolerations: {{- toYaml .Values.slave.tolerations | nindent 8 }}
+      {{- end }}
+      {{- if .Values.slave.schedulerName }}
+      schedulerName: {{ .Values.slave.schedulerName }}
+      {{- end }}
+      {{- if .Values.master.spreadConstraints }}
+      topologySpreadConstraints: {{- toYaml .Values.master.spreadConstraints | nindent 8 }}
+      {{- end }}
+      {{- with .Values.slave.affinity }}
+      affinity: {{- tpl (toYaml .) $ | nindent 8 }}
+      {{- end }}
+      containers:
+        - name: {{ template "redis.name" . }}
+          image: {{ template "redis.image" . }}
+          imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
+          {{- if .Values.securityContext.enabled }}
+          securityContext:
+            runAsUser: {{ .Values.securityContext.runAsUser }}
+          {{- end }}
+          command:
+            - /bin/bash
+            - -c
+            - /opt/bitnami/scripts/start-scripts/start-node.sh
+          env:
+            - name: REDIS_MASTER_PORT_NUMBER
+              value: {{ .Values.redisPort | quote }}
+            {{- if .Values.usePassword }}
+            {{- if .Values.usePasswordFile }}
+            - name: REDIS_PASSWORD_FILE
+              value: "/opt/bitnami/redis/secrets/redis-password"
+            - name: REDIS_MASTER_PASSWORD_FILE
+              value: "/opt/bitnami/redis/secrets/redis-password"
+            {{- else }}
+            - name: REDIS_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ template "redis.secretName" . }}
+                  key: {{ template "redis.secretPasswordKey" . }}
+            - name: REDIS_MASTER_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ template "redis.secretName" . }}
+                  key: {{ template "redis.secretPasswordKey" . }}
+            {{- end }}
+            {{- else }}
+            - name: ALLOW_EMPTY_PASSWORD
+              value: "yes"
+            {{- end }}
+            - name: REDIS_TLS_ENABLED
+              value: {{ ternary "yes" "no" .Values.tls.enabled | quote }}
+            {{- if .Values.tls.enabled }}
+            - name: REDIS_TLS_PORT
+              value: {{ .Values.redisPort | quote }}
+            - name:  REDIS_TLS_AUTH_CLIENTS
+              value: {{ ternary "yes" "no" .Values.tls.authClients | quote }}
+            - name:  REDIS_TLS_CERT_FILE
+              value: {{ template "redis.tlsCert" . }}
+            - name:  REDIS_TLS_KEY_FILE
+              value: {{ template "redis.tlsCertKey" . }}
+            - name:  REDIS_TLS_CA_FILE
+              value: {{ template "redis.tlsCACert" . }}
+            {{- if .Values.tls.dhParamsFilename }}
+            - name:  REDIS_TLS_DH_PARAMS_FILE
+              value: {{ template "redis.tlsDHParams" . }}
+            {{- end }}
+            {{- else }}
+            - name: REDIS_PORT
+              value: {{ .Values.redisPort | quote }}
+            {{- end }}
+            - name: REDIS_DATA_DIR
+              value: {{ .Values.slave.persistence.path }}
+          ports:
+            - name: redis
+              containerPort: {{ .Values.redisPort }}
+          {{- if .Values.slave.livenessProbe.enabled }}
+          livenessProbe:
+            initialDelaySeconds: {{ .Values.slave.livenessProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.slave.livenessProbe.periodSeconds }}
+            timeoutSeconds: {{ .Values.slave.livenessProbe.timeoutSeconds }}
+            successThreshold: {{ .Values.slave.livenessProbe.successThreshold }}
+            failureThreshold: {{ .Values.slave.livenessProbe.failureThreshold}}
+            exec:
+              command:
+                - sh
+                - -c
+                {{- if .Values.sentinel.enabled }}
+                - /health/ping_liveness_local.sh {{ .Values.slave.livenessProbe.timeoutSeconds }}
+                {{- else }}
+                - /health/ping_liveness_local_and_master.sh {{ .Values.slave.livenessProbe.timeoutSeconds }}
+                {{- end }}
+          {{- else if .Values.slave.customLivenessProbe }}
+          livenessProbe: {{- toYaml .Values.slave.customLivenessProbe | nindent 12 }}
+          {{- end }}
+          {{- if .Values.slave.readinessProbe.enabled }}
+          readinessProbe:
+            initialDelaySeconds: {{ .Values.slave.readinessProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.slave.readinessProbe.periodSeconds }}
+            timeoutSeconds: {{ .Values.slave.readinessProbe.timeoutSeconds }}
+            successThreshold: {{ .Values.slave.readinessProbe.successThreshold }}
+            failureThreshold: {{ .Values.slave.readinessProbe.failureThreshold }}
+            exec:
+              command:
+                - sh
+                - -c
+                {{- if .Values.sentinel.enabled }}
+                - /health/ping_readiness_local.sh {{ .Values.slave.livenessProbe.timeoutSeconds }}
+                {{- else }}
+                - /health/ping_readiness_local_and_master.sh {{ .Values.slave.livenessProbe.timeoutSeconds }}
+                {{- end }}
+          {{- else if .Values.slave.customReadinessProbe }}
+          readinessProbe: {{- toYaml .Values.slave.customReadinessProbe | nindent 12 }}
+          {{- end }}
+          resources: {{- toYaml .Values.slave.resources | nindent 12 }}
+          volumeMounts:
+            - name: start-scripts
+              mountPath: /opt/bitnami/scripts/start-scripts
+            - name: health
+              mountPath: /health
+            {{- if .Values.usePasswordFile }}
+            - name: redis-password
+              mountPath: /opt/bitnami/redis/secrets/
+            {{- end }}
+            - name: redis-data
+              mountPath: /data
+            - name: config
+              mountPath: /opt/bitnami/redis/mounted-etc
+            - name: redis-tmp-conf
+              mountPath: /opt/bitnami/redis/etc
+            {{- if .Values.tls.enabled }}
+            - name: redis-certificates
+              mountPath: /opt/bitnami/redis/certs
+              readOnly: true
+            {{- end }}
+        {{- if and .Values.cluster.enabled .Values.sentinel.enabled }}
+        - name: sentinel
+          image: {{ template "sentinel.image" . }}
+          imagePullPolicy: {{ .Values.sentinel.image.pullPolicy | quote }}
+          {{- if .Values.securityContext.enabled }}
+          securityContext:
+            runAsUser: {{ .Values.securityContext.runAsUser }}
+          {{- end }}
+          command:
+            - /bin/bash
+            - -c
+            - /opt/bitnami/scripts/start-scripts/start-sentinel.sh
+          env:
+            {{- if .Values.usePassword }}
+            {{- if .Values.usePasswordFile }}
+            - name: REDIS_PASSWORD_FILE
+              value: "/opt/bitnami/redis/secrets/redis-password"
+            {{- else }}
+            - name: REDIS_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ template "redis.secretName" . }}
+                  key: {{ template "redis.secretPasswordKey" . }}
+            {{- end }}
+            {{- else }}
+            - name: ALLOW_EMPTY_PASSWORD
+              value: "yes"
+            {{- end }}
+            - name: REDIS_SENTINEL_TLS_ENABLED
+              value: {{ ternary "yes" "no" .Values.tls.enabled | quote }}
+            {{- if .Values.tls.enabled }}
+            - name: REDIS_SENTINEL_TLS_PORT_NUMBER
+              value: {{ .Values.sentinel.port | quote }}
+            - name:  REDIS_SENTINEL_TLS_AUTH_CLIENTS
+              value: {{ ternary "yes" "no" .Values.tls.authClients | quote }}
+            - name:  REDIS_SENTINEL_TLS_CERT_FILE
+              value: {{ template "redis.tlsCert" . }}
+            - name:  REDIS_SENTINEL_TLS_KEY_FILE
+              value: {{ template "redis.tlsCertKey" . }}
+            - name:  REDIS_SENTINEL_TLS_CA_FILE
+              value: {{ template "redis.tlsCACert" . }}
+            {{- if .Values.tls.dhParamsFilename }}
+            - name:  REDIS_SENTINEL_TLS_DH_PARAMS_FILE
+              value: {{ template "redis.dhParams" . }}
+            {{- end }}
+            {{- else }}
+            - name: REDIS_SENTINEL_PORT
+              value: {{ .Values.sentinel.port | quote }}
+            {{- end }}
+          ports:
+            - name: redis-sentinel
+              containerPort: {{ .Values.sentinel.port }}
+          {{- if .Values.sentinel.livenessProbe.enabled }}
+          livenessProbe:
+            initialDelaySeconds: {{ .Values.sentinel.livenessProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.sentinel.livenessProbe.periodSeconds }}
+            timeoutSeconds: {{ .Values.sentinel.livenessProbe.timeoutSeconds }}
+            successThreshold: {{ .Values.sentinel.livenessProbe.successThreshold }}
+            failureThreshold: {{ .Values.sentinel.livenessProbe.failureThreshold }}
+            exec:
+              command:
+                - sh
+                - -c
+                - /health/ping_sentinel.sh {{ .Values.sentinel.livenessProbe.timeoutSeconds }}
+          {{- else if .Values.sentinel.customLivenessProbe }}
+          livenessProbe: {{- toYaml .Values.sentinel.customLivenessProbe | nindent 12 }}
+          {{- end }}
+          {{- if .Values.sentinel.readinessProbe.enabled}}
+          readinessProbe:
+            initialDelaySeconds: {{ .Values.sentinel.readinessProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.sentinel.readinessProbe.periodSeconds }}
+            timeoutSeconds: {{ .Values.sentinel.readinessProbe.timeoutSeconds }}
+            successThreshold: {{ .Values.sentinel.readinessProbe.successThreshold }}
+            failureThreshold: {{ .Values.sentinel.readinessProbe.failureThreshold }}
+            exec:
+              command:
+                - sh
+                - -c
+                - /health/ping_sentinel.sh {{ .Values.sentinel.livenessProbe.timeoutSeconds }}
+          {{- else if .Values.sentinel.customReadinessProbe }}
+          readinessProbe: {{- toYaml .Values.sentinel.customReadinessProbe | nindent 12 }}
+          {{- end }}
+          resources: {{- toYaml .Values.sentinel.resources | nindent 12 }}
+          volumeMounts:
+            - name: start-scripts
+              mountPath: /opt/bitnami/scripts/start-scripts
+            - name: health
+              mountPath: /health
+            {{- if .Values.usePasswordFile }}
+            - name: redis-password
+              mountPath: /opt/bitnami/redis/secrets/
+            {{- end }}
+            - name: redis-data
+              mountPath: {{ .Values.master.persistence.path }}
+              subPath: {{ .Values.master.persistence.subPath }}
+            - name: config
+              mountPath: /opt/bitnami/redis-sentinel/mounted-etc
+            - name: sentinel-tmp-conf
+              mountPath: /opt/bitnami/redis-sentinel/etc
+            {{- if .Values.tls.enabled }}
+            - name: redis-certificates
+              mountPath: /opt/bitnami/redis/certs
+              readOnly: true
+            {{- end }}
+          {{- end }}
+        {{- if .Values.metrics.enabled }}
+        - name: metrics
+          image: {{ template "redis.metrics.image" . }}
+          imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}
+          command:
+            - /bin/bash
+            - -c
+            - |
+              if [[ -f '/secrets/redis-password' ]]; then
+              export REDIS_PASSWORD=$(cat /secrets/redis-password)
+              fi
+              redis_exporter{{- range $key, $value := .Values.metrics.extraArgs }} --{{ $key }}={{ $value }}{{- end }}
+          env:
+            - name: REDIS_ALIAS
+              value: {{ template "redis.fullname" . }}
+            {{- if and .Values.usePassword (not .Values.usePasswordFile) }}
+            - name: REDIS_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ template "redis.secretName" . }}
+                  key: {{ template "redis.secretPasswordKey" . }}
+            {{- end }}
+            {{- if .Values.tls.enabled }}
+            - name: REDIS_EXPORTER_TLS_CLIENT_KEY_FILE
+              value: {{ template "redis.tlsCertKey" . }}
+            - name: REDIS_EXPORTER_TLS_CLIENT_CERT_FILE
+              value: {{ template "redis.tlsCert" . }}
+            {{- end }}
+          volumeMounts:
+            {{- if .Values.usePasswordFile }}
+            - name: redis-password
+              mountPath: /secrets/
+            {{- end }}
+            {{- if .Values.tls.enabled }}
+            - name: redis-certificates
+              mountPath: /opt/bitnami/redis/certs
+              readOnly: true
+            {{- end }}
+          ports:
+            - name: metrics
+              containerPort: 9121
+          resources: {{- toYaml .Values.metrics.resources | nindent 12 }}
+  {{- end }}
+      {{- $needsVolumePermissions := and .Values.volumePermissions.enabled (and .Values.slave.persistence.enabled .Values.securityContext.enabled) }}
+      {{- if or $needsVolumePermissions .Values.sysctlImage.enabled }}
+      initContainers:
+        {{- if $needsVolumePermissions }}
+        - name: volume-permissions
+          image: {{ template "redis.volumePermissions.image" . }}
+          imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
+          command: ["/bin/chown", "-R", "{{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }}", "{{ .Values.slave.persistence.path }}"]
+          securityContext:
+            runAsUser: 0
+          resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
+          volumeMounts:
+            - name: redis-data
+              mountPath: {{ .Values.slave.persistence.path }}
+              subPath: {{ .Values.slave.persistence.subPath }}
+        {{- end }}
+        {{- if .Values.sysctlImage.enabled }}
+        - name: init-sysctl
+          image: {{ template "redis.sysctl.image" . }}
+          imagePullPolicy: {{ default "" .Values.sysctlImage.pullPolicy | quote }}
+          resources: {{- toYaml .Values.sysctlImage.resources | nindent 12 }}
+          {{- if .Values.sysctlImage.mountHostSys }}
+          volumeMounts:
+            - name: host-sys
+              mountPath: /host-sys
+          {{- end }}
+          command: {{- toYaml .Values.sysctlImage.command | nindent 12 }}
+          securityContext:
+            privileged: true
+            runAsUser: 0
+        {{- end }}
+        {{- end }}
+      volumes:
+        - name: start-scripts
+          configMap:
+            name: {{ include "redis.fullname" . }}-scripts
+            defaultMode: 0755
+        - name: health
+          configMap:
+            name: {{ template "redis.fullname" . }}-health
+            defaultMode: 0755
+        {{- if .Values.usePasswordFile }}
+        - name: redis-password
+          secret:
+            secretName: {{ template "redis.secretName" . }}
+            items:
+            - key: {{ template "redis.secretPasswordKey" . }}
+              path: redis-password
+        {{- end }}
+        - name: config
+          configMap:
+            name: {{ template "redis.fullname" . }}
+        {{- if .Values.sysctlImage.mountHostSys }}
+        - name: host-sys
+          hostPath:
+            path: /sys
+        {{- end }}
+        - name: sentinel-tmp-conf
+          emptyDir: {}
+        - name: redis-tmp-conf
+          emptyDir: {}
+    {{- if .Values.tls.enabled }}
+        - name: redis-certificates
+          secret:
+            secretName: {{ required "A secret containing the certificates for the TLS traffic is required when TLS in enabled" .Values.tls.certificatesSecret }}
+            defaultMode: 256
+    {{- end }}
+    {{- if not .Values.slave.persistence.enabled }}
+        - name: redis-data
+          emptyDir: {}
+    {{- else }}
+  volumeClaimTemplates:
+    - metadata:
+        name: redis-data
+        labels:
+          app: {{ template "redis.name" . }}
+          release: {{ .Release.Name }}
+          heritage: {{ .Release.Service }}
+          component: slave
+      spec:
+        accessModes:
+        {{- range .Values.slave.persistence.accessModes }}
+          - {{ . | quote }}
+        {{- end }}
+        resources:
+          requests:
+            storage: {{ .Values.slave.persistence.size | quote }}
+        {{ include "redis.slave.storageClass" . }}
+        selector:
+        {{- if .Values.slave.persistence.matchLabels }}
+          matchLabels: {{- toYaml .Values.slave.persistence.matchLabels | nindent 12 }}
+        {{- end -}}
+        {{- if .Values.slave.persistence.matchExpressions }}
+          matchExpressions: {{- toYaml .Values.slave.persistence.matchExpressions | nindent 12 }}
+        {{- end -}}
+  {{- end }}
+  updateStrategy:
+    type: {{ .Values.slave.statefulset.updateStrategy }}
+    {{- if .Values.slave.statefulset.rollingUpdatePartition }}
+    {{- if (eq "Recreate" .Values.slave.statefulset.updateStrategy) }}
+    rollingUpdate: null
+    {{- else }}
+    rollingUpdate:
+      partition: {{ .Values.slave.statefulset.rollingUpdatePartition }}
+    {{- end }}
+    {{- end }}
+{{- end }}
--- a/bitnami/redis/templates/redis-slave-statefulset.yaml
+++ b/bitnami/redis/templates/redis-slave-statefulset.yaml
@@ -1,4 +1,4 @@
-{{- if .Values.cluster.enabled }}
+{{- if and .Values.cluster.enabled (not .Values.sentinel.enabled) }}
 apiVersion: apps/v1
 kind: StatefulSet
 metadata:
@@ -85,58 +85,7 @@ spec:
          command:
            - /bin/bash
            - -c
-            - |
-              {{- if (eq (.Values.securityContext.runAsUser | int) 0) }}
-              useradd redis
-              chown -R redis {{ .Values.slave.persistence.path }}
-              {{- end }}
-              if [[ -n $REDIS_PASSWORD_FILE ]]; then
-                password_aux=`cat ${REDIS_PASSWORD_FILE}`
-                export REDIS_PASSWORD=$password_aux
-              fi
-              if [[ -n $REDIS_MASTER_PASSWORD_FILE ]]; then
-                password_aux=`cat ${REDIS_MASTER_PASSWORD_FILE}`
-                export REDIS_MASTER_PASSWORD=$password_aux
-              fi
-              if [[ ! -f /opt/bitnami/redis/etc/replica.conf ]];then
-                cp /opt/bitnami/redis/mounted-etc/replica.conf /opt/bitnami/redis/etc/replica.conf
-              fi
-              if [[ ! -f /opt/bitnami/redis/etc/redis.conf ]];then
-                cp /opt/bitnami/redis/mounted-etc/redis.conf /opt/bitnami/redis/etc/redis.conf
-              fi
-              {{- if .Values.tls.enabled }}
-              ARGS=("--port" "0")
-              ARGS+=("--tls-port" "${REDIS_TLS_PORT}")
-              ARGS+=("--tls-cert-file" "${REDIS_TLS_CERT_FILE}")
-              ARGS+=("--tls-key-file" "${REDIS_TLS_KEY_FILE}")
-              ARGS+=("--tls-ca-cert-file" "${REDIS_TLS_CA_FILE}")
-              ARGS+=("--tls-auth-clients" "${REDIS_TLS_AUTH_CLIENTS}")
-              ARGS+=("--tls-replication" "yes")
-              {{- if .Values.tls.dhParamsFilename }}
-              ARGS+=("--tls-dh-params-file" "${REDIS_TLS_DH_PARAMS_FILE}")
-              {{- end }}
-              {{- else }}
-              ARGS=("--port" "${REDIS_PORT}")
-              {{- end }}
-              ARGS+=("--slaveof" "${REDIS_MASTER_HOST}" "${REDIS_MASTER_PORT_NUMBER}")
-              {{- if .Values.usePassword }}
-              ARGS+=("--requirepass" "${REDIS_PASSWORD}")
-              ARGS+=("--masterauth" "${REDIS_MASTER_PASSWORD}")
-              {{- else }}
-              ARGS+=("--protected-mode" "no")
-              {{- end }}
-              ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf")
-              ARGS+=("--include" "/opt/bitnami/redis/etc/replica.conf")
-              {{- if .Values.slave.extraFlags }}
-              {{- range .Values.slave.extraFlags }}
-              ARGS+=({{ . | quote }})
-              {{- end }}
-              {{- end }}
-              {{- if .Values.slave.command }}
-              {{ .Values.slave.command }} "${ARGS[@]}"
-              {{- else }}
-              redis-server "${ARGS[@]}"
-              {{- end }}
+            - /opt/bitnami/scripts/start-scripts/start-slave.sh
          env:
            - name: REDIS_REPLICATION_MODE
              value: slave
@@ -215,11 +164,7 @@ spec:
              command:
                - sh
                - -c
-                {{- if .Values.sentinel.enabled }}
-                - /health/ping_liveness_local.sh {{ .Values.slave.livenessProbe.timeoutSeconds }}
-                {{- else }}
                - /health/ping_liveness_local_and_master.sh {{ .Values.slave.livenessProbe.timeoutSeconds }}
-                {{- end }}
          {{- else if .Values.slave.customLivenessProbe }}
          livenessProbe: {{- toYaml .Values.slave.customLivenessProbe | nindent 12 }}
          {{- end }}
@@ -234,16 +179,14 @@ spec:
              command:
                - sh
                - -c
-                {{- if .Values.sentinel.enabled }}
-                - /health/ping_readiness_local.sh {{ .Values.slave.readinessProbe.timeoutSeconds }}
-                {{- else }}
                - /health/ping_readiness_local_and_master.sh {{ .Values.slave.readinessProbe.timeoutSeconds }}
-                {{- end }}
          {{- else if .Values.slave.customReadinessProbe }}
          readinessProbe: {{- toYaml .Values.slave.customReadinessProbe | nindent 12 }}
          {{- end }}
          resources: {{- toYaml .Values.slave.resources | nindent 12 }}
          volumeMounts:
+            - name: start-scripts
+              mountPath: /opt/bitnami/scripts/start-scripts
            - name: health
              mountPath: /health
            {{- if .Values.usePasswordFile }}
@@ -261,140 +204,6 @@ spec:
              mountPath: /opt/bitnami/redis/certs
              readOnly: true
            {{- end }}
-        {{- if and .Values.cluster.enabled .Values.sentinel.enabled }}
-        - name: sentinel
-          image: {{ template "sentinel.image" . }}
-          imagePullPolicy: {{ .Values.sentinel.image.pullPolicy | quote }}
-          {{- if .Values.securityContext.enabled }}
-          securityContext:
-            runAsUser: {{ .Values.securityContext.runAsUser }}
-          {{- end }}
-          command:
-            - /bin/bash
-            - -c
-            - |
-              if [[ -n $REDIS_PASSWORD_FILE ]]; then
-                password_aux=`cat ${REDIS_PASSWORD_FILE}`
-                export REDIS_PASSWORD=$password_aux
-              fi
-              if [[ ! -f /opt/bitnami/redis-sentinel/etc/sentinel.conf ]];then
-                cp /opt/bitnami/redis-sentinel/mounted-etc/sentinel.conf /opt/bitnami/redis-sentinel/etc/sentinel.conf
-                {{- if .Values.usePassword }}
-                printf "\nsentinel auth-pass {{ .Values.sentinel.masterSet }} $REDIS_PASSWORD" >> /opt/bitnami/redis-sentinel/etc/sentinel.conf
-                {{- if .Values.sentinel.usePassword }}
-                printf "\nrequirepass $REDIS_PASSWORD" >> /opt/bitnami/redis-sentinel/etc/sentinel.conf
-                {{- end }}
-                {{- end }}
-                {{- if .Values.sentinel.staticID }}
-                printf "\nsentinel myid $(echo $HOSTNAME | openssl sha1 | awk '{ print $2 }')" >> /opt/bitnami/redis-sentinel/etc/sentinel.conf
-                {{- end }}
-              fi
-
-              {{- if .Values.tls.enabled }}
-              ARGS=("--port" "0")
-              ARGS+=("--tls-port" "${REDIS_SENTINEL_TLS_PORT_NUMBER}")
-              ARGS+=("--tls-cert-file" "${REDIS_SENTINEL_TLS_CERT_FILE}")
-              ARGS+=("--tls-key-file" "${REDIS_SENTINEL_TLS_KEY_FILE}")
-              ARGS+=("--tls-ca-cert-file" "${REDIS_SENTINEL_TLS_CA_FILE}")
-              ARGS+=("--tls-replication" "yes")
-              ARGS+=("--tls-auth-clients" "${REDIS_SENTINEL_TLS_AUTH_CLIENTS}")
-              {{- if .Values.tls.dhParamsFilename }}
-              ARGS+=("--tls-dh-params-file" "${REDIS_SENTINEL_TLS_DH_PARAMS_FILE}")
-              {{- end }}
-              {{- end }}
-
-              redis-server /opt/bitnami/redis-sentinel/etc/sentinel.conf --sentinel {{- if .Values.tls.enabled }} "${ARGS[@]}" {{- end }}
-          env:
-            {{- if .Values.usePassword }}
-            {{- if .Values.usePasswordFile }}
-            - name: REDIS_PASSWORD_FILE
-              value: "/opt/bitnami/redis/secrets/redis-password"
-            {{- else }}
-            - name: REDIS_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: {{ template "redis.secretName" . }}
-                  key: {{ template "redis.secretPasswordKey" . }}
-            {{- end }}
-            {{- else }}
-            - name: ALLOW_EMPTY_PASSWORD
-              value: "yes"
-            {{- end }}
-            - name: REDIS_SENTINEL_TLS_ENABLED
-              value: {{ ternary "yes" "no" .Values.tls.enabled | quote }}
-            {{- if .Values.tls.enabled }}
-            - name: REDIS_SENTINEL_TLS_PORT_NUMBER
-              value: {{ .Values.sentinel.port | quote }}
-            - name:  REDIS_SENTINEL_TLS_AUTH_CLIENTS
-              value: {{ ternary "yes" "no" .Values.tls.authClients | quote }}
-            - name:  REDIS_SENTINEL_TLS_CERT_FILE
-              value: {{ template "redis.tlsCert" . }}
-            - name:  REDIS_SENTINEL_TLS_KEY_FILE
-              value: {{ template "redis.tlsCertKey" . }}
-            - name:  REDIS_SENTINEL_TLS_CA_FILE
-              value: {{ template "redis.tlsCACert" . }}
-            {{- if .Values.tls.dhParamsFilename }}
-            - name:  REDIS_SENTINEL_TLS_DH_PARAMS_FILE
-              value: {{ template "redis.dhParams" . }}
-            {{- end }}
-            {{- else }}
-            - name: REDIS_SENTINEL_PORT
-              value: {{ .Values.sentinel.port | quote }}
-            {{- end }}
-          ports:
-            - name: redis-sentinel
-              containerPort: {{ .Values.sentinel.port }}
-          {{- if .Values.sentinel.livenessProbe.enabled }}
-          livenessProbe:
-            initialDelaySeconds: {{ .Values.sentinel.livenessProbe.initialDelaySeconds }}
-            periodSeconds: {{ .Values.sentinel.livenessProbe.periodSeconds }}
-            timeoutSeconds: {{ add1 .Values.sentinel.livenessProbe.timeoutSeconds }}
-            successThreshold: {{ .Values.sentinel.livenessProbe.successThreshold }}
-            failureThreshold: {{ .Values.sentinel.livenessProbe.failureThreshold }}
-            exec:
-              command:
-                - sh
-                - -c
-                - /health/ping_sentinel.sh {{ .Values.sentinel.livenessProbe.timeoutSeconds }}
-          {{- else if .Values.sentinel.customLivenessProbe }}
-          livenessProbe: {{- toYaml .Values.sentinel.customLivenessProbe | nindent 12 }}
-          {{- end }}
-          {{- if .Values.sentinel.readinessProbe.enabled}}
-          readinessProbe:
-            initialDelaySeconds: {{ .Values.sentinel.readinessProbe.initialDelaySeconds }}
-            periodSeconds: {{ .Values.sentinel.readinessProbe.periodSeconds }}
-            timeoutSeconds: {{ add1 .Values.sentinel.readinessProbe.timeoutSeconds }}
-            successThreshold: {{ .Values.sentinel.readinessProbe.successThreshold }}
-            failureThreshold: {{ .Values.sentinel.readinessProbe.failureThreshold }}
-            exec:
-              command:
-                - sh
-                - -c
-                - /health/ping_sentinel.sh {{ .Values.sentinel.readinessProbe.timeoutSeconds }}
-          {{- else if .Values.sentinel.customReadinessProbe }}
-          readinessProbe: {{- toYaml .Values.sentinel.customReadinessProbe | nindent 12 }}
-          {{- end }}
-          resources: {{- toYaml .Values.sentinel.resources | nindent 12 }}
-          volumeMounts:
-            - name: health
-              mountPath: /health
-            {{- if .Values.usePasswordFile }}
-            - name: redis-password
-              mountPath: /opt/bitnami/redis/secrets/
-            {{- end }}
-            - name: redis-data
-              mountPath: {{ .Values.master.persistence.path }}
-              subPath: {{ .Values.master.persistence.subPath }}
-            - name: config
-              mountPath: /opt/bitnami/redis-sentinel/mounted-etc
-            - name: sentinel-tmp-conf
-              mountPath: /opt/bitnami/redis-sentinel/etc
-            {{- if .Values.tls.enabled }}
-            - name: redis-certificates
-              mountPath: /opt/bitnami/redis/certs
-              readOnly: true
-            {{- end }}
-          {{- end }}
        {{- if .Values.metrics.enabled }}
        - name: metrics
          image: {{ template "redis.metrics.image" . }}
@@ -471,6 +280,10 @@ spec:
        {{- end }}
        {{- end }}
      volumes:
+        - name: start-scripts
+          configMap:
+            name: {{ include "redis.fullname" . }}-scripts
+            defaultMode: 0755
        - name: health
          configMap:
            name: {{ template "redis.fullname" . }}-health
@@ -491,8 +304,6 @@ spec:
          hostPath:
            path: /sys
        {{- end }}
-        - name: sentinel-tmp-conf
-          emptyDir: {}
        - name: redis-tmp-conf
          emptyDir: {}
    {{- if .Values.tls.enabled }}