High Availability (HA) Deployment
This guide explains how to deploy Unstract in a High Availability configuration using the values-multi-az.yaml Helm values override. HA mode enables automatic failover and multi-replica deployments for Redis, RabbitMQ, and MinIO.
Complete the standard Infrastructure Requirements and Deployment Guide before proceeding. HA mode is applied as an overlay on top of the standard deployment.
Overview
The HA configuration (values-multi-az.yaml) enables the following components:
| Component | HA Mode | Mechanism |
|---|---|---|
| Redis | Sentinel replication | 3-node cluster with automatic master failover via Sentinel |
| RabbitMQ | 3-node quorum queues | Quorum-based durability with automatic failover |
| MinIO | 5-node Operator-managed Tenant | Distributed object storage via MinIO Operator + Tenant CR |
Prerequisites for HA Mode
1. Multi-AZ Kubernetes Cluster
Ensure your cluster spans multiple Availability Zones with topology spread constraints supported.
2. Install MinIO Operator (One-Time Cluster Setup)
The MinIO Operator is cluster-scoped and must be installed once per cluster before enabling MinIO HA:
helm repo add minio-operator https://operator.min.io/
helm repo update
helm install minio-operator minio-operator/operator \
--namespace minio-operator --create-namespace \
--version 7.1.1
MinIO HA mode (minio.ha.enabled: true) requires the MinIO Operator to be installed first. Enabling HA without the Operator will cause the deployment to fail.
Advanced: Override the Operator Image
By default the Operator chart pulls its images from the upstream MinIO registry. Both keys are nested under the chart's top-level operator: key:
| Image | Default reference | Helm value |
|---|---|---|
| Operator controller | quay.io/minio/operator:v7.1.1 | operator.image.repository / operator.image.tag |
| Operator sidecar (injected onto Tenant pods) | quay.io/minio/operator-sidecar:v7.0.1 | operator.sidecarImage.repository / operator.sidecarImage.tag |
The operator and the sidecar are versioned independently — they do not
share a tag. The chart leaves operator.sidecarImage empty, so the operator
injects its own compiled-in default sidecar tag, which lags the operator
(operator v7.1.1 → sidecar v7.0.1). There is no operator-sidecar:v7.1.1
published, so do not assume the operator tag for the sidecar. If you set
operator.sidecarImage.tag to pin or redirect the sidecar, mirror exactly that
tag.
Override them when you mirror the images to a private registry (air-gapped clusters) or need to pin a specific tag/digest:
helm install minio-operator minio-operator/operator \
--namespace minio-operator --create-namespace \
--version 7.1.1 \
--set operator.image.repository=my-private-registry.example.com/unstract/operator \
--set operator.image.tag=v7.1.1 \
--set operator.sidecarImage.repository=my-private-registry.example.com/unstract/operator-sidecar \
--set operator.sidecarImage.tag=v7.0.1
The Helm Chart Container Images guide's list-onprem-images.sh already emits both Operator images (with their separate tags), so they are mirrored alongside everything else for air-gapped deployments.
3. RabbitMQ Cluster Operator
Unstract provisions its RabbitMQ broker through a RabbitmqCluster custom resource, reconciled by the RabbitMQ Cluster Operator. You do not install or configure this operator as a separate Unstract step — it is installed once per cluster as part of the LLMWhisperer on-prem setup, which is a required prerequisite for Unstract (and not specific to HA).
For a private registry, the two RabbitMQ images are handled differently:
| Image | What it is | How it's redirected |
|---|---|---|
rabbitmq (broker) | RabbitMQ server, rendered by the chart on the RabbitmqCluster CR | Follows global.image.registry — already covered by your private-registry override |
rabbitmqoperator/cluster-operator | The cluster-scoped operator | Not a Helm --set (raw manifest) — follow the override in the LLMWhisperer deployment guide |
list-onprem-images.sh still emits the operator image (the operators target, or bundled with the unstract target) so it is mirrored alongside everything else.
Deploying with HA Mode
Apply the values-multi-az.yaml override in addition to your standard values files:
helm upgrade --install unstract-platform \
oci://us-central1-docker.pkg.dev/pandoras-tamer/charts/unstract-platform \
--version <version> \
-f /path/to/on-prem.values.yaml \
-f /path/to/on-prem.secret.yaml \
-f /path/to/values-multi-az.yaml \
-n unstract
The values-multi-az.yaml file can be extracted from the Helm chart registry for your target version — see the Download Configuration Files section on the On-Prem Release Notes page.
HA Component Details
Redis Sentinel
Redis runs in replication mode with Sentinel for automatic master election and failover.
What changes in HA mode:
- Redis switches from standalone to replication architecture with 3 nodes
- Sentinel pods monitor the cluster and promote a new master on failure
- All application services connect via Sentinel (port
26379) instead of directly to the Redis master (port6379) - AOF-only persistence is used (no RDB snapshots) for better performance under HA conditions
RabbitMQ
RabbitMQ runs in HA mode with quorum queues enabled, providing durable message delivery across replicas.
What changes in HA mode:
- 3-node RabbitMQ cluster
- Quorum queues replace classic mirrored queues for stronger consistency guarantees
MinIO
MinIO switches from standalone mode to an Operator-managed Tenant CR for distributed, fault-tolerant object storage.
What changes in HA mode:
- Switches from standalone to a 5-node distributed Tenant managed by the MinIO Operator
Post-Deployment Validation
After deploying with HA mode, verify the HA components are healthy:
# Check all pods are running
kubectl get pods -n unstract
# Verify Redis Sentinel pods
kubectl get pods -n unstract -l app.kubernetes.io/component=sentinel
# Check RabbitMQ cluster nodes
kubectl exec -n unstract <rabbitmq-pod> -- rabbitmqctl cluster_status
# Check MinIO Tenant status (if using HA MinIO)
kubectl get tenants -n unstract
All Redis nodes should show one master and two replicas. Sentinel pods should report quorum achieved.