stackoom
  简体   繁体   中英

Redis Cluster K8s - replication password

 原文  2021-01-02 23:12:40       kubernetes/ redis

Question

I'm trying to get my redis cluster up and running but I'm unable to properly setup a password authentication for my clients. As soon as I set a password using --requirepass the replication is not working anymore. So I googled on I found out that redis uses a separate password for replication. This can be set using masterauth , please also see: https://redis.io/topics/replication . So I also tried to start with --masterauth but with no success. Has somebody any idea if --masterauth can be used as a parameter I can pass to the redis-server command at start-up as the docs don't refer to this directly. And before referring to helm, please be aware that my whole deployment is setup using kustomize.io and helm is not my preferred way to go for the moment.

I also tried something like this with no success.

This is what my redis-cluster.yaml looks like:

apiVersion: v1
kind: Service
metadata:
  name: redis
spec:
  type: LoadBalancer
  ports:
  - protocol: TCP
    port: 6379
    targetPort: 6379
    name: redis
  selector:
    name: redis
---
apiVersion: v1
kind: Service
metadata:
  name: redis-slave
spec:
  type: LoadBalancer
  ports:
  - protocol: TCP
    port: 6379
    targetPort: 6379
    name: redis
  selector:
    name: redis-slave
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: redis
  labels:
    name: redis
spec:
  replicas: 1
  selector:
    matchLabels:
      name: redis
  template:
    metadata:
      labels:
        name: redis
    spec:
      subdomain:
      containers:
      - name: redis
        image: redis:6.0.9-alpine
        command:
          - redis-server
        args:
          - "--protected-mode"
          - "no"
        ports:
        - containerPort: 6379
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: redis-slave
  labels:
    name: redis-slave
spec:
  replicas: 2
  selector:
    matchLabels:
      name: redis-slave
  template:
    metadata:
      labels:
        name: redis-slave
    spec:
      subdomain: redis-slave
      containers:
      - name: redis
        image: redis:6.0.9-alpine
        command:
          - "redis-server"
        args:
          - "--slaveof"
          - "redis.default.svc.cluster.local"
          - "6379"
          - "--protected-mode"
          - "no"
        ports:
        - containerPort: 6379

1 answers

solution1
 1  2021-01-03 00:13:45

There are two ways to configure a password on redis container:

  1. Fast implementation:
      containers:
      - args:
        - -c
        - |-
          echo -e 'maxmemory 183500800
          maxmemory-policy allkeys-lru
          stop-writes-on-bgsave-error no
          slaveof redis-master.default.svc.cluster.local
          requirepass YOUR_PASSWORD
          masterauth MASTER_PASSWORD' | docker-entrypoint.sh -
        command:
        - /bin/sh
        image: redis:6.0.9-alpine
        name: redis-slave
  1. Better practice:
  • Use a ConfigMap for each Deployment, mounted on /etc/redis/redis.conf , having the specific configuration and run the container without args or command .

More Redis 6.0 config parameters and documentation can be found here: https://raw.githubusercontent.com/redis/redis/6.0/redis.conf

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Redis failover in a K8s cluster Django + Celery + Redis on a K8s cluster redis cluster K8S connection How to do Redis slave repalication in k8s cluster? How to connect Redis with service in NodeJS in K8s cluster? Communication in k8s cluster Migration K8S cluster Deploy a k8s cluster Configure MySQL Replication with k8s StatefulSet Mysql 8.0.28 replication with xtrabackup on k8s
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM