diff --git a/charts/horizon/.gitignore b/charts/horizon/.gitignore
new file mode 100644
index 0000000..ad151e2
--- /dev/null
+++ b/charts/horizon/.gitignore
@@ -0,0 +1,3 @@
+.idea
+charts/*.tgz
+.DS_Store
\ No newline at end of file
diff --git a/charts/horizon/.helmignore b/charts/horizon/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/charts/horizon/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/horizon/Chart.yaml b/charts/horizon/Chart.yaml
new file mode 100644
index 0000000..bae64e6
--- /dev/null
+++ b/charts/horizon/Chart.yaml
@@ -0,0 +1,42 @@
+apiVersion: v2
+name: horizon
+description: A CICD DevOps Platform
+
+type: application
+
+version: 2.0.1
+appVersion: v2.0.1
+
+dependencies:
+ - name: gitlab
+ version: 2.0.1
+ repository: https://horizoncd.github.io/helm-charts
+ condition: gitlab.enabled
+ - name: tektoncd
+ version: 2.0.1
+ repository: https://horizoncd.github.io/helm-charts
+ condition: tektoncd.enabled
+ - name: minio
+ version: 11.10.13
+ repository: https://charts.bitnami.com/bitnami
+ condition: minio.enabled
+ - name: mysql
+ version: 9.4.1
+ repository: https://charts.bitnami.com/bitnami
+ condition: mysql.enabled
+ - name: chartmuseum
+ version: 3.9.1
+ repository: https://chartmuseum.github.io/charts
+ condition: chartmuseum.enabled
+ - name: grafana
+ version: 6.26.5
+ repository: https://grafana.github.io/helm-charts
+ condition: grafana.enabled
+ - name: argo-cd
+ version: 5.0.0
+ repository: https://argoproj.github.io/argo-helm
+ condition: argo-cd.enabled
+ - name: harbor
+ version: 1.6.3
+ repository: https://helm.goharbor.io
+ condition: harbor.enabled
diff --git a/charts/horizon/README.md b/charts/horizon/README.md
new file mode 100644
index 0000000..4af9a8e
--- /dev/null
+++ b/charts/horizon/README.md
@@ -0,0 +1,449 @@
+# Helm Chart for Horizon
+
+## Introduction
+
+This Helm chart installs [Horizon](https://github.com/horizoncd/horizon) in a Kubernetes cluster.
+
+## TL;DR
+
+```console
+helm repo add horizon https://horizoncd.github.io/helm-charts
+helm install horizon horizon/horizon -n horizoncd
+```
+
+**Attention:**
+
+- The chart's default `values.yaml` file provides a minimal installation, only for test purpose, not for production
+ use.
+
+## Prerequisites
+
+- Kubernetes cluster 1.19+
+- Helm 3.4.0+
+
+## Installation
+
+### Add Helm repository
+
+```bash
+helm repo add horizon https://horizon.github.io/helm-charts
+```
+
+### Install the chart
+
+Install the Horizon helm chart with a release name `horizon` in `horizoncd` namespace:
+
+helm 3:
+
+```bash
+helm install horizon horizon/horizon -n horizoncd
+```
+
+### Uninstallation
+
+To uninstall the `horizon` release:
+
+helm 3:
+
+```bash
+helm uninstall horizon -n horizoncd
+```
+
+## Parameters
+
+### Common parameters
+
+| Name | Description | Value |
+| ------------------ | ---------------------------------------------- | ----- |
+| `nameOverride` | String to partially override fullname template | "" |
+| `fullnameOverride` | String to fully override fullname template | "" |
+| `imagePullSecrets` | The image pull policy | "" |
+| `imagePullPolicy` | The imagePullSecrets names for all deployments | "" |
+
+### Ingress parameters
+
+| Name | Description | Value |
+| ----------------- | ----------------------- | ------------------ |
+| `ingress.enabled` | The replica count | true |
+| `ingress.tls` | Tls for ingress's hosts | [] |
+| `ingress.hosts` | Hosts for the ingress | - horizon.h8s.site |
+
+### Core / Job application parameters
+
+| Name | Description | Value |
+| ------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `config.serverConfig.port` | The service port Horizon listens on when serving with HTTP | 8080 |
+| `config.cloudEventServerConfig.port` | The service port CloudEvent listens on when serving with HTTP. CloudEvent is a a separate HTTP service used to receive callback requests from Tekton. | 8181 |
+| `config.dbConfig.host` | The host of the database | horizon-mysql |
+| `config.dbConfig.port` | The port of the database | 3306 |
+| `config.dbConfig.username` | The username of the database | horizon |
+| `config.dbConfig.password` | The password of the database | horizon |
+| `config.dbConfig.database` | The schema of the database | horizon |
+| `config.dbConfig.prometheusEnabled` | Enable prometheus metrics exposing or not | true |
+| `config.kubeconfig` | The kubeconfig Horizon use | "" |
+| `config.redisConfig.protocol` | The protocol of the redis Horizon will connect | tcp |
+| `config.redisConfig.address` | The address of the redis Horizon will connect | horizon-redis-ha:6379 |
+| `config.redisConfig.password` | The password of the redis Horizon will connect | "" |
+| `config.redisConfig.db` | The database of the redis Horizon will connect | 1 |
+| `config.sessionConfig.maxAge` | The duration of the session | 43200 |
+| `config.gitRepos` | The git repository configurations, including url and token, example is like: gitRepos: - kind: github url: https://github.com token: xxxxxx | [] |
+| `config.gitopsRepoConfig.rootGroupPath` | The path of the root group for gitops gitlab | cloud-native |
+| `config.templateRepo.kind` | The kind of the repository for templates, `harbor` and `chartmuseum` are the available options | chartmuseum |
+| `config.templateRepo.host` | The host of the repository for templates | http://horizon-chartmuseum:8080 |
+| `config.templateRepo.username` | The username of the repository the templates | "" |
+| `config.templateRepo.password` | The password of the repository for templates | "" |
+| `config.templateRepo.insecure` | Set security of the host of the repository for templates | true |
+| `config.templateRepo.repoName` | Project name in the Chart Repository (must be set when kind is `harbor`) | "" |
+| `config.argoCDMapper` | The mapping between environments and configs of argocds | default: url: http://horizon-argocd-server token: xxx namespace: horizoncd |
+| `config.tektonMapper` | The mapping between environments and configs of tektons | default: server: http://el-horizon- listener:8080 namespace: horizoncd kubeconfig: "" s3: accessKey: admin secretKey: qOIh3Xt5jg region: china endpoint: "horizon-minio:9000" bucket: horizon disableSSL: true skipVerify: true s3ForcePathStyle: true |
+| `config.grafanaConfig.host` | The host of the grafana installed on the K8s | "" |
+| `config.grafanaConfig.namespace` | The namespace of the grafana installed on the K8s | horizoncd |
+| `config.grafanaConfig.dashboards.labelKey` | The dashboards' label key of the grafana installed on the K8s | grafana_dashboard |
+| `config.grafanaConfig.dashboards.labelValue` | The dashboards' label value of the grafana installed on the K8s | "1" |
+| `config.grafanaConfig.syncDatasourceConfig.period` | The period that horizon-job sync prometheus datasources to grafana | 2m |
+| `config.grafanaConfig.syncDatasourceConfig.labelKey` | The datasources' label key of the grafana installed on the K8s | grafana_datasource |
+| `config.grafanaConfig.syncDatasourceConfig.labelValue` | The datasources' label value of the grafana installed on the K8s | "1" |
+| `config.autoFree.enabled` | Enable autoFree moudule or not | false |
+| `config.oauth.oauthHTMLLocation` | The path of the oauth html file | "/home/appops/authhtml" |
+| `config.oauth.authorizeCodeExpireIn` | The duration of the authorized code | 10m |
+| `config.oauth.accessTokenExpireIn` | The duration of the access token | 24h |
+| `config.webhook.clientTimeout` | The timeout duration of webhook's http client | 30 |
+| `config.webhook.idleWaitInterval` | The idleWait internal of webhook's http client | 2 |
+| `config.webhook.workerReconcileInterval` | The reconcile internal of webhook | 5 |
+| `config.webhook.responseBodyTruncateSize` | The size that needs to be exceeded when truncating text | 16384 |
+| `config.eventHandler.batchEventsCount` | The batch events count of the event handler | 5 |
+| `config.eventHandler.cursorSaveInterval` | The cursor save interval of the event handler | 10 |
+| `config.eventHandler.idleWaitInterval` | The idle wait of the event handler's http client | 3 |
+
+### Core deployment parameters
+
+| Name | Description | Value |
+| ----------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------- |
+| `core.replica` | The replica count | 1 |
+| `core.image.repository` | Repository for Horizon core image | horizoncd/horizon |
+| `core.image.tag` | Tag for Horizon core image | v1.0.0 |
+| `core.args.loglevel` | Loglevel of Horizon core | info |
+| `core.args.gitOpsRepoDefaultBranch` | Default branch for gitops repository | main |
+| `core.securityContext.runAsUser` | User ID for the container | 10001 |
+| `core.securityContext.fsGroup` | Group ID for the container | 10001 |
+| `core.serviceAccount.create` | Create the serviceAccount or not | true |
+| `core.resources` | The [resources] to allocate for container | {} |
+| `core.nodeSelector` | Node labels for pod assignment | {} |
+| `core.tolerations` | Tolerations for pod assignment | [] |
+| `core.affinity` | Node/Pod affinities | {} |
+| `core.service.port` | The port of the core service | 80 |
+| `core.cloudEventService.port` | The port of the cloudevent service | 80 |
+| `core.cloudEventIngress.enabled` | Enable ingress of the cloudEvent or not | true |
+| `core.cloudEventIngress.hosts` | The hosts of the cloudEvent's ingress | [] |
+| `core.envs` | The environments in Horizon core | {} |
+| `core.monitor.enabled` | Enable monitor of Horizon core or not | false |
+| `core.grafanaDashboards` | Grafana dashboards in json format. Please note that the default dashboards are built based on metrics of `Kube-state-metrics:v1.9.7`, you may need to modify the dashboards if you are using a higher verion becuase of renaming in some metrics. | - name: pod value: xxx |
+
+### Web deployment parameters
+
+| Name | Description | Value |
+| ------------------------------- | ----------------------------------------- | ------------- |
+| `web.replicas` | The replica count | 1 |
+| `web.image.repository` | Repository for Horizon web image | horizoncd/web |
+| `web.image.tag` | Tag for Horizon web image | v1.0.0 |
+| `web.securityContext.runAsUser` | User ID for the container | 10001 |
+| `web.securityContext.fsGroup` | Group ID for the container | 10001 |
+| `web.resources` | The [resources] to allocate for container | {} |
+| `web.nodeSelector` | Node labels for pod assignment | {} |
+| `web.tolerations` | Tolerations for pod assignment | [] |
+| `web.affinity` | Node/Pod affinities | {} |
+| `web.port` | Port of Horizon web container | 8080 |
+| `web.service.port` | Kubernetes port where service is exposed | 80 |
+
+### Job deployment parameters
+
+| Name | Description | Value |
+| ---------------------------------- | ----------------------------------------- | ------------- |
+| `job.image.repository` | Repository for Horizon job image | horizoncd/job |
+| `job.image.tag` | Tag for Horizon job image | v1.0.0 |
+| `job.args.loglevel` | Loglevel of Horizon job | info |
+| `job.args.gitOpsRepoDefaultBranch` | Default branch for gitops repository | main |
+| `job.securityContext.runAsUser` | User ID for the container | 10001 |
+| `job.securityContext.fsGroup` | Group ID for the container | 10001 |
+| `job.serviceAccount.create` | Create the serviceAccount or not | true |
+| `job.resources` | The [resources] to allocate for container | {} |
+| `job.nodeSelector` | Node labels for pod assignment | {} |
+| `job.tolerations` | Tolerations for pod assignment | [] |
+| `job.affinity` | Node/Pod affinities | {} |
+
+### Swagger deployment parameters
+
+| Name | Description | Value |
+| ----------------------------------- | ------------------------------------------------------------- | --------------------- |
+| `swagger.replicas` | The replica count | 1 |
+| `swagger.image.repository` | Repository for Horizon swagger image | horizoncd/swagger |
+| `swagger.image.tag` | Tag for Horizon swagger image | v1.0.0 |
+| `swagger.securityContext.runAsUser` | User ID for the container | 10001 |
+| `swagger.securityContext.fsGroup` | Group ID for the container | 10001 |
+| `swagger.envs.BASE_URL` | Environment named `BSE_URL` in Horizon swagger container | /apis/swagger |
+| `swagger.envs.SWAGGER_JSON` | Environment named `SWAGGER_JSON` in Horizon swagger container | /openapi/restful.json |
+| `swagger.service.port` | Kubernetes port where service is exposed | 80 |
+| `swagger.service.targetPort` | The port on which the service will send requests to | 8080 |
+| `swagger.resources` | The [resources] to allocate for container | {} |
+
+### Third-party components parameters
+
+Horizon has the ability to initialize third-party components conveniently to build the whole CI&CD system.
+
+**Attention**:
+
+- By default, the components(Mysql、Gitlab、Minio、Harbor) that are initialized by Horizon use `PVC` to persistent data,
+ which means a default `StorageClass` is needed in the Kubernetes cluster to dynamic provision the volumes.
+
+- You can definitely use your own maintained components for sure, to do that, just set the `enabled` field to false, and then fill in the corresponding fields with your own configurations. More information will be explained below.
+
+#### Minio
+
+We use `Minio` as the `s3` storage service. The default parameters are:
+
+```
+minio:
+ enabled: true
+ ingress:
+ enabled: true
+ hostname: minio.h8r.site
+ persistence:
+ enabled: true
+ defaultBuckets: horizon
+ auth:
+ rootUser: admin
+ rootPassword: qOIh3Xt5jg
+ provisioning:
+ enabled: true
+ config:
+ - name: region
+ options:
+ name: china
+```
+
+If you want to use your own `s3` storage service, you need to do the following steps:
+
+1. disable `minio` by setting the `enabled` field to false
+
+2. modify `Tekton` config in the path: `config.tektonMapper.[environment].s3`
+
+3. modify `Harbor` config in the path: `harbor.persistence.imageChartStorage.s3`
+
+4. Modify `Chartmusuem` config in the path: `chartmuseum.env.open` and `chartmuseum.env.secret`
+
+#### Gitlab
+
+We use `Gitlab` as the `gitops` repository. The default parameters are:
+
+```
+gitlab:
+ enabled: true
+ image: gitlab/gitlab-ce
+ imageTag: "13.11.7-ce.0"
+ ingress:
+ enabled: true
+ hosts:
+ - gitlab.h8r.site
+ persistence:
+ enabled: true
+ config:
+ GITLAB_ROOT_PASSWORD: root1234
+ GITLAB_ROOT_ACCESS_TOKEN: horizon-access-token
+ GITLAB_HOST: gitlab.h8r.site
+ GITLAB_TIMEZONE: "Asia/Shanghai"
+ resources:
+ requests:
+ memory: 4Gi
+ cpu: 2
+ limits:
+ memory: 4Gi
+ cpu: 2
+```
+
+If you want to use your own `gitlab` instance, you need to do the following steps:
+
+1. disable `gitlab` by setting the `enabled` field to false
+
+2. modify gitops config in path: `cnofig.gitopsRepoConfig`
+
+#### Chartmuseum
+
+We use `Chartmuseum` as the helm chart repository. The default parameters are:
+
+```
+chartmuseum:
+ enabled: true
+ ingress:
+ enabled: true
+ hosts:
+ - name: chartmuseum.h8r.site
+ env:
+ open:
+ # storage backend, can be one of: local, alibaba, amazon, google, microsoft, oracle
+ STORAGE: amazon
+ # s3 bucket to store charts for amazon storage backend
+ STORAGE_AMAZON_BUCKET: horizon
+ # region of s3 bucket to store charts
+ STORAGE_AMAZON_REGION: china
+ # alternative s3 endpoint
+ STORAGE_AMAZON_ENDPOINT: "http://horizon-minio:9000"
+ DISABLE_API: false
+ secret:
+ AWS_ACCESS_KEY_ID: admin
+ AWS_SECRET_ACCESS_KEY: qOIh3Xt5jg
+```
+
+If you want to use your own helm chart repository, you need to do the following steps:
+
+1. disable `chartmuseum` by setting the `enabled` field to false
+
+2. modify helm template config in path: `cnofig.templateRepo`
+
+#### Mysql
+
+We use `Mysql` as the database. The default parameters are:
+
+```
+mysql:
+ enabled: true
+ auth:
+ rootPassword: "horizon"
+ createDatabase: true
+ database: "horizon"
+ initdbScriptsConfigMap: horizon-dbinit
+ primary:
+ resources:
+ limits:
+ cpu: 250m
+ memory: 1Gi
+ requests:
+ cpu: 100m
+ memory: 500Mi
+```
+
+If you want to use your own database, you need to do the following steps:
+
+1. disable `mysql` by setting the `enabled` field to false
+
+2. modify database config in path: `cnofig.dbConfig`
+
+#### Harbor
+
+We use `Harbor` as the image repository. The default parameters are:
+
+```
+harbor:
+ enabled: true
+ expose:
+ type: clusterIP
+ tls:
+ auto:
+ commonName: "harbor.horizoncd.svc.cluster.local"
+ clusterIP:
+ name: harbor
+ externalURL: https://harbor.horizoncd.svc.cluster.local
+ persistence:
+ imageChartStorage:
+ disableredirect: true
+ type: s3
+ s3:
+ region: china
+ bucket: horizon
+ accesskey: admin
+ secretkey: qOIh3Xt5jg
+ regionendpoint: http://horizon-minio:9000
+ secure: false
+ skipverify: true
+ redis:
+ type: external
+ external:
+ addr: "horizon-redis-ha:6379"
+ chartmuseum:
+ enabled: false
+ core:
+ replicas: 1
+ jobservice:
+ replicas: 1
+ registry:
+ replicas: 1
+ notary:
+ enabled: false
+ trivy:
+ enabled: false
+```
+
+If you want to use your own image repository, you need to do the following steps:
+
+1. disable `harbor` by setting the `enabled` field to false
+
+2. Add `Registry` in the Horizon manager web
+
+#### Grafana
+
+We use `Grafana` as the monitoring display system. The default parameters are:
+
+```
+grafana:
+ enabled: true
+ defaultDashboardsEnabled: true
+ adminPassword: admin
+ ingress:
+ enabled: true
+ hosts:
+ - grafana.h8r.site
+ path: /
+ sidecar:
+ dashboards:
+ enabled: true
+ datasources:
+ enabled: true
+ grafana.ini:
+ auth.anonymous:
+ enabled: true
+ security:
+ allow_embedding: true
+```
+
+If you want to use your own Grafana instance, you need to do the following steps:
+
+1. disable `grafana` by setting the `enabled` field to false
+
+2. Modify `grafana` config in the path: `config.grafanaConfig`
+
+#### Tektoncd
+
+We use `Tektoncd` as the CI tool. The default parameters are:
+
+```
+tektoncd:
+ enabled: true
+ configDefaults:
+ default-cloud-events-sink: http://horizon-core-cloudevent.horizoncd/apis/internal/cloudevents
+ tektonDashboard:
+ ingress:
+ host: tekton.h8s.site
+```
+
+If you want to use your own `Tektoncd` instance, you need to do the following steps:
+
+1. disable `tektoncd` by setting the `enabled` field to false
+
+2. Modify tektoncd config in the path: `config.tektonMapper.[environment]`
+
+#### Tektonci-resources
+
+We have embedded `Tekton Pipeline & Task` as the default CI definition. The default parameters are:
+
+```
+tektonci-resources:
+ horizon:
+ deployTask:
+ horizonApiUrl: http://horizon-core
+ auth:
+ dockerConfigJson: { "auths": { "harbor.horizoncd.svc.cluster.local": { "username": "admin", "password": "Harbor12345", "auth": "YWRtaW46SGFyYm9yMTIzNDU=" } }}
+ gitRepos: []
+```
+
+If you want to define your own CI logics, you need to do the following steps:
+
+1. Modify scripts in the path: `tektonci-resources.horiozn.script`
diff --git a/charts/horizon/charts/redis-ha/Chart.yaml b/charts/horizon/charts/redis-ha/Chart.yaml
new file mode 100644
index 0000000..c57e616
--- /dev/null
+++ b/charts/horizon/charts/redis-ha/Chart.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+name: redis-ha
+home: http://redis.io/
+engine: gotpl
+keywords:
+- redis
+- keyvalue
+- database
+version: 4.12.15
+appVersion: 6.0.7
+description: This Helm chart provides a highly available Redis implementation with a master/slave configuration and uses Sentinel sidecars for failover management
+icon: https://upload.wikimedia.org/wikipedia/en/thumb/6/6b/Redis_Logo.svg/1200px-Redis_Logo.svg.png
+maintainers:
+- email: salimsalaues@gmail.com
+ name: ssalaues
+- email: aaron.layfield@gmail.com
+ name: dandydeveloper
+sources:
+- https://redis.io/download
+- https://github.com/DandyDeveloper/charts/blob/master/charts/redis-ha
+- https://github.com/oliver006/redis_exporter
diff --git a/charts/horizon/charts/redis-ha/README.md b/charts/horizon/charts/redis-ha/README.md
new file mode 100644
index 0000000..8241a96
--- /dev/null
+++ b/charts/horizon/charts/redis-ha/README.md
@@ -0,0 +1,292 @@
+# Redis
+
+[Redis](http://redis.io/) is an advanced key-value cache and store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets, sorted sets, bitmaps and hyperloglogs.
+
+## TL;DR
+
+```bash
+helm repo add dandydev https://dandydeveloper.github.io/charts
+helm install dandydev/redis-ha
+```
+
+By default this chart install 3 pods total:
+
+* one pod containing a redis master and sentinel container (optional prometheus metrics exporter sidecar available)
+* two pods each containing a redis slave and sentinel containers (optional prometheus metrics exporter sidecars available)
+
+## Introduction
+
+This chart bootstraps a [Redis](https://redis.io) highly available master/slave statefulset in a [Kubernetes](http://kubernetes.io) cluster using the Helm package manager.
+
+## Prerequisites
+
+* Kubernetes 1.8+ with Beta APIs enabled
+* PV provisioner support in the underlying infrastructure
+
+## Upgrading the Chart
+
+Please note that there have been a number of changes simplifying the redis management strategy (for better failover and elections) in the 3.x version of this chart. These changes allow the use of official [redis](https://hub.docker.com/_/redis/) images that do not require special RBAC or ServiceAccount roles. As a result when upgrading from version >=2.0.1 to >=3.0.0 of this chart, `Role`, `RoleBinding`, and `ServiceAccount` resources should be deleted manually.
+
+### Upgrading the chart from 3.x to 4.x
+
+Starting from version `4.x` HAProxy sidecar prometheus-exporter removed and replaced by the embedded [HAProxy metrics endpoint](https://github.com/haproxy/haproxy/tree/master/contrib/prometheus-exporter), as a result when upgrading from version 3.x to 4.x section `haproxy.exporter` should be removed and the `haproxy.metrics` need to be configured for fit your needs.
+
+## Installing the Chart
+
+To install the chart
+
+```bash
+helm repo add dandydev https://dandydeveloper.github.io/charts
+helm install dandydev/redis-ha
+```
+
+The command deploys Redis on the Kubernetes cluster in the default configuration. By default this chart install one master pod containing redis master container and sentinel container along with 2 redis slave pods each containing their own sentinel sidecars. The [configuration](#configuration) section lists the parameters that can be configured during installation.
+
+> **Tip**: List all releases using `helm list`
+
+## Uninstalling the Chart
+
+To uninstall/delete the deployment:
+
+```bash
+helm delete
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Configuration
+
+The following table lists the configurable parameters of the Redis chart and their default values.
+
+| Parameter | Description | Default |
+|:--------------------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-------------------------------------------------------------------------------------------|
+| `image` | Redis image | `redis` |
+| `imagePullSecrets` | Reference to one or more secrets to be used when pulling redis images | [] |
+| `tag` | Redis tag | `6.0.3-alpine` |
+| `replicas` | Number of redis master/slave pods | `3` |
+| `ro_replicas` | Comma separated list of slaves which never get promoted to be master. Count starts with 0. Allowed values 1-9. i.e. 3,4 - 3th and 4th redis slave never make it to be master, where master is index 0. | ``|
+| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` |
+| `serviceAccount.name` | The name of the ServiceAccount to create | Generated using the redis-ha.fullname template |
+| `serviceAccount.automountToken` | Opt in/out of automounting API credentials into container | `false` |
+| `podSecurityPolicy.create` | Specifies whether a PodSecurityPolicy should be created | `false` |
+| `rbac.create` | Create and use RBAC resources | `true` |
+| `redis.port` | Port to access the redis service | `6379` |
+| `redis.tlsPort` | TLS Port to access the redis service |``|
+| `redis.tlsReplication` | Configures redis with tls-replication parameter, if true sets "tls-replication yes" in redis.conf |``|
+| `redis.authClients` | It is possible to disable client side certificates authentication when "authClients" is set to "no" |``|
+| `redis.livenessProbe.initialDelaySeconds` | Initial delay in seconds for liveness probe | `30` |
+| `redis.livenessProbe.periodSeconds` | Period in seconds after which liveness probe will be repeated | `15` |
+| `redis.livenessProbe.timeoutSeconds` | Timeout seconds for liveness probe | `15` |
+| `redis.livenessProbe.successThreshold` | Success threshold for liveness probe | `1` |
+| `redis.livenessProbe.failureThreshold` | Failure threshold for liveness probe | `5` |
+| `redis.readinessProbe.initialDelaySeconds` | Initial delay in seconds for readiness probe | `30` |
+| `redis.readinessProbe.periodSeconds` | Period in seconds after which readiness probe will be repeated | `15` |
+| `redis.readinessProbe.timeoutSeconds` | Timeout seconds for readiness probe | `15` |
+| `redis.readinessProbe.successThreshold` | Success threshold for readiness probe | `1` |
+| `redis.readinessProbe.failureThreshold` | Failure threshold for readiness probe | `5` |
+| `redis.masterGroupName` | Redis convention for naming the cluster group: must match `^[\\w-\\.]+$` and can be templated | `mymaster` |
+| `redis.config` | Any valid redis config options in this section will be applied to each server (see below) | see values.yaml |
+| `redis.customConfig` | Allows for custom redis.conf files to be applied. If this is used then `redis.config` is ignored |``|
+| `redis.resources` | CPU/Memory for master/slave nodes resource requests/limits | `{}` |
+| `redis.lifecycle` | Container Lifecycle Hooks for redis container | `{}` |
+| `redis.annotations` | Annotations for the redis statefulset | `{}` |
+| `redis.updateStategy.type`| Update strategy for redis statefulSet | `RollingUpdate` |
+| `sentinel.port` | Port to access the sentinel service | `26379` |
+| `sentinel.bind` | Configure the 'bind' directive to bind to a list of network interfaces | `` |
+| `sentinel.tlsPort` | TLS Port to access the sentinel service |``|
+| `sentinel.tlsReplication` | Configures sentinel with tls-replication parameter, if true sets "tls-replication yes" in sentinel.conf |``|
+| `sentinel.authClients` | It is possible to disable client side certificates authentication when "authClients" is set to "no" |``|
+| `sentinel.livenessProbe.initialDelaySeconds` | Initial delay in seconds for liveness probe | `30` |
+| `sentinel.livenessProbe.periodSeconds` | Period in seconds after which liveness probe will be repeated | `15` |
+| `sentinel.livenessProbe.timeoutSeconds` | Timeout seconds for liveness probe | `15` |
+| `sentinel.livenessProbe.successThreshold` | Success threshold for liveness probe | `1` |
+| `sentinel.livenessProbe.failureThreshold` | Failure threshold for liveness probe | `5` |
+| `sentinel.readinessProbe.initialDelaySeconds` | Initial delay in seconds for readiness probe | `30` |
+| `sentinel.readinessProbe.periodSeconds` | Period in seconds after which readiness probe will be repeated | `15` |
+| `sentinel.readinessProbe.timeoutSeconds` | Timeout seconds for readiness probe | `15` |
+| `sentinel.readinessProbe.successThreshold` | Success threshold for readiness probe | `3` |
+| `sentinel.readinessProbe.failureThreshold` | Failure threshold for readiness probe | `5` |
+| `sentinel.auth` | Enables or disables sentinel AUTH (Requires `sentinel.password` to be set) | `false` |
+| `sentinel.password` | A password that configures a `requirepass` in the conf parameters (Requires `sentinel.auth: enabled`) |``|
+| `sentinel.existingSecret` | An existing secret containing a key defined by `sentinel.authKey` that configures `requirepass` in the conf parameters (Requires `sentinel.auth: enabled`, cannot be used in conjunction with `.Values.sentinel.password`) |``|
+| `sentinel.authKey` | The key holding the sentinel password in an existing secret. | `sentinel-password` |
+| `sentinel.quorum` | Minimum number of servers necessary to maintain quorum | `2` |
+| `sentinel.config` | Valid sentinel config options in this section will be applied as config options to each sentinel (see below) | see values.yaml |
+| `sentinel.customConfig` | Allows for custom sentinel.conf files to be applied. If this is used then `sentinel.config` is ignored |``|
+| `sentinel.resources` | CPU/Memory for sentinel node resource requests/limits | `{}` |
+| `sentinel.lifecycle` | Container Lifecycle Hooks for sentinel container | `{}` |
+| `init.resources` | CPU/Memory for init Container node resource requests/limits | `{}` |
+| `auth` | Enables or disables redis AUTH (Requires `redisPassword` to be set) | `false` |
+| `redisPassword` | A password that configures a `requirepass` and `masterauth` in the conf parameters (Requires `auth: enabled`) |``|
+| `authKey` | The key holding the redis password in an existing secret. | `auth` |
+| `existingSecret` | An existing secret containing a key defined by `authKey` that configures `requirepass` and `masterauth` in the conf parameters (Requires `auth: enabled`, cannot be used in conjunction with `.Values.redisPassword`) |``|
+| `nodeSelector` | Node labels for pod assignment | `{}` |
+| `tolerations` | Toleration labels for pod assignment | `[]` |
+| `hardAntiAffinity` | Whether the Redis server pods should be forced to run on separate nodes. | `true` |
+| `additionalAffinities` | Additional affinities to add to the Redis server pods. | `{}` |
+| `securityContext` | Security context to be added to the Redis server pods. | `{runAsUser: 1000, fsGroup: 1000, runAsNonRoot: true}` |
+| `affinity` | Override all other affinity settings with a string. | `""` |
+| `labels` | Labels for the Redis pod. | `{}` |
+| `configmap.labels` | Labels for the Redis configmap. | `{}` |
+| `persistentVolume.size` | Size for the volume | 10Gi |
+| `persistentVolume.annotations` | Annotations for the volume | `{}` |
+| `emptyDir` | Configuration of `emptyDir`, used only if persistentVolume is disabled and no hostPath specified | `{}` |
+| `exporter.enabled` | If `true`, the prometheus exporter sidecar is enabled | `false` |
+| `exporter.image` | Exporter image | `oliver006/redis_exporter` |
+| `exporter.tag` | Exporter tag | `v1.15.1` |
+| `exporter.port` | Exporter port | `9121` |
+| `exporter.portName` | Exporter port name | `exporter-port` |
+| `exporter.address` | Redis instance Hostname/Address Exists to circumvent some issues with issues in IPv6 hostname resolution | `localhost` |
+| `exporter.annotations` | Prometheus scrape annotations | `{prometheus.io/path: /metrics, prometheus.io/port: "9121", prometheus.io/scrape: "true"}` |
+| `exporter.extraArgs` | Additional args for the exporter | `{}` |
+| `exporter.script` | A custom custom Lua script that will be mounted to exporter for collection of custom metrics. Creates a ConfigMap and sets env var `REDIS_EXPORTER_SCRIPT`. | |
+| `exporter.serviceMonitor.enabled` | Use servicemonitor from prometheus operator | `false` |
+| `exporter.serviceMonitor.namespace` | Namespace the service monitor is created in | `default` |
+| `exporter.serviceMonitor.interval` | Scrape interval, If not set, the Prometheus default scrape interval is used | `nil` |
+| `exporter.serviceMonitor.telemetryPath` | Path to redis-exporter telemetry-path | `/metrics` |
+| `exporter.serviceMonitor.labels` | Labels for the servicemonitor passed to Prometheus Operator | `{}` |
+| `exporter.serviceMonitor.timeout` | How long until a scrape request times out. If not set, the Prometheus default scape timeout is used | `nil` |
+| `haproxy.enabled` | Enabled HAProxy LoadBalancing/Proxy | `false` |
+| `haproxy.replicas` | Number of HAProxy instances | `3` |
+| `haproxy.image.repository`| HAProxy Image Repository | `haproxy` |
+| `haproxy.image.tag` | HAProxy Image Tag | `2.0.1` |
+| `haproxy.image.pullPolicy`| HAProxy Image PullPolicy | `IfNotPresent` |
+| `haproxy.imagePullSecrets`| Reference to one or more secrets to be used when pulling haproxy images | [] |
+| `haproxy.annotations` | HAProxy template annotations | `{}` |
+| `haproxy.customConfig` | Allows for custom config-haproxy.cfg file to be applied. If this is used then default config will be overwriten |``|
+| `haproxy.extraConfig` | Allows to place any additional configuration section to add to the default config-haproxy.cfg |``|
+| `haproxy.resources` | HAProxy resources | `{}` |
+| `haproxy.emptyDir` | Configuration of `emptyDir` | `{}` |
+| `haproxy.labels` | Labels for the HAProxy pod | `{}` |
+| `haproxy.podSecurityPolicy.create` | Specifies whether a PodSecurityPolicy should be created | `false` |
+| `haproxy.service.type` | HAProxy service type "ClusterIP", "LoadBalancer" or "NodePort" | `ClusterIP` |
+| `haproxy.service.nodePort` | HAProxy service nodePort value (haproxy.service.type must be NodePort) | not set |
+| `haproxy.service.externalTrafficPolicy`| HAProxy service externalTrafficPolicy value (haproxy.service.type must be LoadBalancer) | not set |
+| `haproxy.service.annotations` | HAProxy service annotations | `{}` |
+| `haproxy.stickyBalancing` | HAProxy sticky load balancing to Redis nodes. Helps with connections shutdown. | `false` |
+| `haproxy.hapreadport.enable` | Enable a read only port for redis slaves | `false` |
+| `haproxy.hapreadport.port` | Haproxy port for read only redis slaves | `6380` |
+| `haproxy.metrics.enabled` | HAProxy enable prometheus metric scraping | `false` |
+| `haproxy.metrics.port` | HAProxy prometheus metrics scraping port | `9101` |
+| `haproxy.metrics.portName` | HAProxy metrics scraping port name | `http-exporter-port` |
+| `haproxy.metrics.scrapePath` | HAProxy prometheus metrics scraping port | `/metrics` |
+| `haproxy.metrics.serviceMonitor.enabled` | Use servicemonitor from prometheus operator for HAProxy metrics | `false` |
+| `haproxy.metrics.serviceMonitor.namespace` | Namespace the service monitor for HAProxy metrics is created in | `default` |
+| `haproxy.metrics.serviceMonitor.interval` | Scrape interval, If not set, the Prometheus default scrape interval is used | `nil` |
+| `haproxy.metrics.serviceMonitor.telemetryPath` | Path to HAProxy metrics telemetry-path | `/metrics` |
+| `haproxy.metrics.serviceMonitor.labels` | Labels for the HAProxy metrics servicemonitor passed to Prometheus Operator | `{}` |
+| `haproxy.metrics.serviceMonitor.timeout` | How long until a scrape request times out. If not set, the Prometheus default scape timeout is used | `nil` |
+| `haproxy.init.resources` | Extra init resources | `{}` |
+| `haproxy.timeout.connect` | haproxy.cfg `timeout connect` setting | `4s` |
+| `haproxy.timeout.server` | haproxy.cfg `timeout server` setting | `30s` |
+| `haproxy.timeout.client` | haproxy.cfg `timeout client` setting | `30s` |
+| `haproxy.timeout.check` | haproxy.cfg `timeout check` setting | `2s` |
+| `haproxy.checkInterval` | haproxy.cfg `check inter` setting | `1s` |
+| `haproxy.priorityClassName` | priorityClassName for `haproxy` deployment | not set |
+| `haproxy.securityContext` | Security context to be added to the HAProxy deployment. | `{runAsUser: 1000, fsGroup: 1000, runAsNonRoot: true}` |
+| `haproxy.hardAntiAffinity` | Whether the haproxy pods should be forced to run on separate nodes. | `true` |
+| `haproxy.affinity` | Override all other haproxy affinity settings with a string. | `""` |
+| `haproxy.additionalAffinities` | Additional affinities to add to the haproxy server pods. | `{}` |
+| `podDisruptionBudget` | Pod Disruption Budget rules | `{}` |
+| `priorityClassName` | priorityClassName for `redis-ha-statefulset` | not set |
+| `hostPath.path` | Use this path on the host for data storage | not set |
+| `hostPath.chown` | Run an init-container as root to set ownership on the hostPath | `true` |
+| `sysctlImage.enabled` | Enable an init container to modify Kernel settings | `false` |
+| `sysctlImage.command` | sysctlImage command to execute | [] |
+| `sysctlImage.registry` | sysctlImage Init container registry | `docker.io` |
+| `sysctlImage.repository` | sysctlImage Init container name | `busybox` |
+| `sysctlImage.tag` | sysctlImage Init container tag | `1.31.1` |
+| `sysctlImage.pullPolicy` | sysctlImage Init container pull policy | `Always` |
+| `sysctlImage.mountHostSys`| Mount the host `/sys` folder to `/host-sys` | `false` |
+| `sysctlImage.resources` | sysctlImage resources | `{}` |
+| `schedulerName` | Alternate scheduler name | `nil` |
+| `tls.secretName` | The name of secret if you want to use your own TLS certificates. The secret should contains keys named by "tls.certFile" - the certificate, "tls.keyFile" - the private key, "tls.caCertFile" - the certificate of CA and "tls.dhParamsFile" - the dh parameter file | ``|
+| `tls.certFile` | Name of certificate file | `redis.crt` |
+| `tls.keyFile` | Name of key file | `redis.key` |
+| `tls.dhParamsFile` | Name of Diffie-Hellman (DH) key exchange parameters file |`` |
+| `tls.caCertFile` | Name of CA certificate file | `ca.crt` |
+| `restore.s3.source` | Restore init container - AWS S3 location of dump - i.e. s3://bucket/dump.rdb | `false` |
+| `restore.s3.access_key` | Restore init container - AWS AWS_ACCESS_KEY_ID to access restore.s3.source |``|
+| `restore.s3.secret_key` | Restore init container - AWS AWS_SECRET_ACCESS_KEY to access restore.s3.source |``|
+| `restore.s3.region` | Restore init container - AWS AWS_REGION to access restore.s3.source |``|
+| `restore.ssh.source` | Restore init container - SSH scp location of dump - i.e. user@server:/path/dump.rdb | `false` |
+| `restore.ssh.key` | Restore init container - SSH private key to scp restore.ssh.source to init container. Key should be in one line separated with \n. i.e. -----BEGIN RSA PRIVATE KEY-----\n...\n...\n-----END RSA PRIVATE KEY----- |`` |
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+
+```bash
+$ helm repo add dandydev https://dandydeveloper.github.io/charts
+$ helm install \
+ --set image=redis \
+ --set tag=5.0.5-alpine \
+ dandydev/redis-ha
+```
+
+The above command sets the Redis server within `default` namespace.
+
+Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
+
+```bash
+helm install -f values.yaml dandydev/redis-ha
+```
+
+> **Tip**: You can use the default [values.yaml](values.yaml)
+
+## Custom Redis and Sentinel config options
+
+This chart allows for most redis or sentinel config options to be passed as a key value pair through the `values.yaml` under `redis.config` and `sentinel.config`. See links below for all available options.
+
+[Example redis.conf](http://download.redis.io/redis-stable/redis.conf)
+[Example sentinel.conf](http://download.redis.io/redis-stable/sentinel.conf)
+
+For example `repl-timeout 60` would be added to the `redis.config` section of the `values.yaml` as:
+
+```yml
+ repl-timeout: "60"
+```
+
+Note:
+
+1. Some config options should be renamed by redis version,e.g.:
+
+ ```yml
+ # In redis 5.x,see https://raw.githubusercontent.com/antirez/redis/5.0/redis.conf
+ min-replicas-to-write: 1
+ min-replicas-max-lag: 5
+
+ # In redis 4.x and redis 3.x,see https://raw.githubusercontent.com/antirez/redis/4.0/redis.conf and https://raw.githubusercontent.com/antirez/redis/3.0/redis.conf
+ min-slaves-to-write 1
+ min-slaves-max-lag 5
+ ```
+
+Sentinel options supported must be in the the `sentinel