[ci skip] redis: pin service to master pod to fix read-only errors

The Bitnami Redis Sentinel chart's service selects all nodes (master + replicas). Clients using plain redis:// URLs (paperless-ngx, etc.) randomly hit read-only replicas, causing write failures. Pin the service to redis-node-0 (master).
2026-03-01 17:13:25 +00:00 · 2026-03-01 17:13:25 +00:00 · a8da2e3790
commit a8da2e3790
parent d7f031bc5f
1 changed files with 30 additions and 0 deletions
--- a/stacks/platform/modules/redis/main.tf
+++ b/stacks/platform/modules/redis/main.tf
@ -109,6 +109,36 @@ resource "helm_release" "redis" {
  })]
 }

+# Override the Helm-managed service to pin to master pod
+# Sentinel clients can use the headless service for discovery,
+# but simple redis:// clients (paperless-ngx, etc.) need to hit the master
+resource "kubernetes_service" "redis" {
+  metadata {
+    name      = "redis"
+    namespace = kubernetes_namespace.redis.metadata[0].name
+  }
+  spec {
+    selector = {
+      "app.kubernetes.io/component"          = "node"
+      "app.kubernetes.io/instance"           = "redis"
+      "app.kubernetes.io/name"               = "redis"
+      "statefulset.kubernetes.io/pod-name"   = "redis-node-0"
+    }
+    port {
+      name        = "tcp-redis"
+      port        = 6379
+      target_port = 6379
+    }
+    port {
+      name        = "tcp-sentinel"
+      port        = 26379
+      target_port = 26379
+    }
+  }
+
+  depends_on = [helm_release.redis]
+}
+
 # Hourly backup: copy RDB snapshot from master to NFS
 resource "kubernetes_cron_job_v1" "redis-backup" {
  metadata {