Redis集群K8s-复制密码
[英]Redis Cluster K8s - replication password
问题描述
I'm trying to get my redis cluster up and running but I'm unable to properly setup a password authentication for my clients.
我正在尝试让我的 redis 集群启动并运行,但我无法为我的客户正确设置密码身份验证。 As soon as I set a password using --requirepass the replication is not working anymore.一旦我使用--requirepass设置密码,复制就不再起作用了。 So I googled on I found out that redis uses a separate password for replication.所以我搜索了一下,发现 redis 使用单独的密码进行复制。 This can be set using masterauth , please also see: https://redis.io/topics/replication .这可以使用masterauth进行设置,另请参阅: https://redis.io/topics/replication 。 So I also tried to start with --masterauth but with no success.所以我也尝试从--masterauth开始,但没有成功。 Has somebody any idea if --masterauth can be used as a parameter I can pass to the redis-server command at start-up as the docs don't refer to this directly.有人知道--masterauth是否可以用作参数,我可以在启动时传递给redis-server命令,因为文档没有直接引用它。 And before referring to helm, please be aware that my whole deployment is setup using kustomize.io and helm is not my preferred way to go for the moment.在提到 helm 之前,请注意我的整个部署是使用kustomize.io设置的,而helm目前不是我首选的 go 方式。
I also tried something like this with no success.我也尝试过这样的事情,但没有成功。
This is what my redis-cluster.yaml looks like:这就是我的 redis-cluster.yaml 的样子:
apiVersion: v1
kind: Service
metadata:
name: redis
spec:
type: LoadBalancer
ports:
- protocol: TCP
port: 6379
targetPort: 6379
name: redis
selector:
name: redis
---
apiVersion: v1
kind: Service
metadata:
name: redis-slave
spec:
type: LoadBalancer
ports:
- protocol: TCP
port: 6379
targetPort: 6379
name: redis
selector:
name: redis-slave
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: redis
labels:
name: redis
spec:
replicas: 1
selector:
matchLabels:
name: redis
template:
metadata:
labels:
name: redis
spec:
subdomain:
containers:
- name: redis
image: redis:6.0.9-alpine
command:
- redis-server
args:
- "--protected-mode"
- "no"
ports:
- containerPort: 6379
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: redis-slave
labels:
name: redis-slave
spec:
replicas: 2
selector:
matchLabels:
name: redis-slave
template:
metadata:
labels:
name: redis-slave
spec:
subdomain: redis-slave
containers:
- name: redis
image: redis:6.0.9-alpine
command:
- "redis-server"
args:
- "--slaveof"
- "redis.default.svc.cluster.local"
- "6379"
- "--protected-mode"
- "no"
ports:
- containerPort: 6379
1 个解决方案
解决方案1
1 2021-01-03 00:13:45
There are two ways to configure a password on redis container:在 redis 容器上配置密码有两种方式:
- Fast implementation:快速实施:
containers:
- args:
- -c
- |-
echo -e 'maxmemory 183500800
maxmemory-policy allkeys-lru
stop-writes-on-bgsave-error no
slaveof redis-master.default.svc.cluster.local
requirepass YOUR_PASSWORD
masterauth MASTER_PASSWORD' | docker-entrypoint.sh -
command:
- /bin/sh
image: redis:6.0.9-alpine
name: redis-slave
- Better practice:更好的做法:
- Use a ConfigMap for each Deployment, mounted on
/etc/redis/redis.conf, having the specific configuration and run the container withoutargsorcommand.为每个部署使用 ConfigMap,安装在/etc/redis/redis.conf上,具有特定配置并在没有args或command的情况下运行容器。
More Redis 6.0 config parameters and documentation can be found here: https://raw.githubusercontent.com/redis/redis/6.0/redis.conf更多 Redis 6.0 配置参数和文档可以在这里找到: https://raw.githubusercontent.com/redis/redis/6.0/redis.conf
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.