Last updated 2026-05-18

Kubernetes

Deploy one service instance per product or environment. Keep Redis isolated unless the owning product intentionally shares a quota namespace.

Network boundary

Expose the gRPC port only to trusted callers through NetworkPolicy, service mesh policy, private load balancers, or equivalent controls.

TLS and mTLS are transport security features only. They do not replace product authorization, entitlement checks, or business policy decisions.

Use Redis single-primary or primary-replica topology. Redis Cluster is out of scope for v1.