diff --git a/apps/base/goharbor/kustomization.yaml b/apps/base/goharbor/kustomization.yaml
index eecc11198a64dbec549ca3fd57d951091e713ec4..2d75e3a416e58f2ea2cb040b0a1dc43e90aede14 100644
--- a/apps/base/goharbor/kustomization.yaml
+++ b/apps/base/goharbor/kustomization.yaml
@@ -5,11 +5,13 @@ resources:
   - namespace.yaml
   - repository.yaml
   - database.yaml
+  - redis.yaml
   - release.yaml
   - ../../../shared/networkpolicies/allow-from-same-namespace.yaml
   - ../../../shared/networkpolicies/allow-from-ingress.yaml
   - ../../../shared/networkpolicies/allow-from-monitoring.yaml
   - ../../../shared/networkpolicies/allow-from-database.yaml
+  - ../../../shared/networkpolicies/allow-from-redis.yaml
 patchesStrategicMerge:
   - networkpolicy.yaml
 configMapGenerator:
diff --git a/apps/base/goharbor/redis.yaml b/apps/base/goharbor/redis.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..f0651cb1d0a0483c89fa9da9ae9a0ad307da59f8
--- /dev/null
+++ b/apps/base/goharbor/redis.yaml
@@ -0,0 +1,22 @@
+apiVersion: databases.spotahome.com/v1
+kind: RedisFailover
+metadata:
+  name: goharbor-redis
+  namespace: goharbor
+spec:
+  sentinel:
+    replicas: 3
+    resources:
+      requests:
+        cpu: 100m
+      limits:
+        memory: 100Mi
+  redis:
+    replicas: 3
+    resources:
+      requests:
+        memory: 128Mi
+        cpu: 100m
+      limits:
+        memory: 256Mi
+        cpu: 200m
diff --git a/apps/base/goharbor/release.yaml b/apps/base/goharbor/release.yaml
index 975b266d5c4382d9091eb6ab5441ff0e5e25005a..31db3137270915cf39dfd7cfb940833a862c3d34 100644
--- a/apps/base/goharbor/release.yaml
+++ b/apps/base/goharbor/release.yaml
@@ -127,14 +127,10 @@ spec:
         post: 5432
         sslmode: require
     redis:
-      internal:
-        resources:
-          requests:
-            memory: 128Mi
-            cpu: 100m
-          limits:
-            memory: 256Mi
-            cpu: 200m
+      type: external
+      external:
+        addr: 'rfs-goharbor-redis:26379'
+        sentinelMasterSet: mymaster
     exporter:
       resources:
         requests:
diff --git a/shared/networkpolicies/allow-from-redis.yaml b/shared/networkpolicies/allow-from-redis.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..1a6a039842dfaf21d548dea88ed4d51ac0cf86ce
--- /dev/null
+++ b/shared/networkpolicies/allow-from-redis.yaml
@@ -0,0 +1,24 @@
+
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-from-redis
+spec:
+  policyTypes:
+  - Ingress
+  ingress:
+  - from:
+    - namespaceSelector:
+        matchLabels:
+          redis.shivering-isles.com/network-access-required: "true"
+      podSelector:
+        matchLabels:
+          app.kubernetes.io/name: redis-operator
+    ports:
+    - port: 26379
+      protocol: TCP
+    - port: 6379
+      protocol: TCP
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/part-of: redis-failover