Deployment with OpenShift CLI for Redis Enterprise for Kubernetes
These are the steps required to set up a Redis Enterprise Software cluster with OpenShift.
Prerequisites
- OpenShift cluster installed, with at least three nodes (each meeting the minimum requirements for a development installation)
Note: If you are running an OpenShift 3 version, use the bundle.yaml file located in the openshift_3_x folder in the redis-enterprise-k8s-docs repo. This folder also contains the custom resource definitions (CRDs) compatible with OpenShift 3.x.
- kubectl tool installed at version 1.9 or higher
- OpenShift CLI installed
Deploy the operator
-
Create a new project.
oc new-project <your-project-name>
-
Verify that you are using the newly created project by running:
oc project <your-project-name>
-
Get deployment files by cloning the redis-enterprise-k8s-docs repository.
git clone https://github.com/RedisLabs/redis-enterprise-k8s-docs
-
Apply the scc.yaml file.
The SCC (Security Context Constraint) YAML file defines security context constraints for the cluster for our project. We strongly recommend that you not change anything in this YAML file.
oc apply -f openshift/scc.yaml
You should receive the following response:
securitycontextconstraints.security.openshift.io "redis-enterprise-scc" configured
-
Provide the operator permissions for the pods.
oc adm policy add-scc-to-user redis-enterprise-scc system:serviceaccount:<my-project>:redis-enterprise-operator
oc adm policy add-scc-to-user redis-enterprise-scc system:serviceaccount:<my-project>:<rec>
You can see the name of your project with the oc project command to replace <my-project> in the commands above. Replace rec with the name of your Redis Enterprise cluster, if different.
-
Deploy the OpenShift operator bundle.
If you are running on OpenShift 3.x, use the openshift.bundle.yaml file in the openshift_3_x folder.
oc apply -f openshift.bundle.yaml
Warning - Changes to the openshift.bundle.yaml file can cause unexpected results.
-
Verify that your redis-enterprise-operator deployment is running by running:
oc get deployment
A typical response will look like this:
NAME                        READY   UP-TO-DATE   AVAILABLE   AGE
redis-enterprise-operator   1/1     1            1           0m36s
Create your Redis Enterprise cluster (REC) custom resource
-
Apply the RedisEnterpriseCluster resource file (rec_rhel.yaml).
You can rename the file to <your_cluster_name>.yaml, but it is not required (the examples below will use <rec_rhel>.yaml). "Options for Redis Enterprise clusters" has more info about the REC custom resource, or see the Redis Enterprise cluster API for a full list of options.
Note: Each Redis Enterprise cluster must have at least 3 nodes. Single-node RECs are not supported.
-
Apply the custom resource file to create your Redis Enterprise cluster.
oc apply -f <rec_rhel>.yaml
The operator typically creates the REC within a few minutes.
-
Check the cluster status
kubectl get pod
You should receive a response similar to the following:
| NAME                             | READY | STATUS  | RESTARTS | AGE |
| -------------------------------- | ----- | ------- | -------- | --- |
| rec-name-0                       | 2/2   | Running | 0        | 1m  |
| rec-name-1                       | 2/2   | Running | 0        | 1m  |
| rec-name-2                       | 2/2   | Running | 0        | 1m  |
| rec-name-controller-x-x          | 1/1   | Running | 0        | 1m  |
| Redis-enterprise-operator-x-x    | 1/1   | Running | 0        | 5m  |
Configure the admission controller
-
Verify the secret has been created. The operator creates a Kubernetes secret for the admission controller during deployment.
kubectl get secret admission-tls
The response will be similar to this:
NAME            TYPE     DATA   AGE
admission-tls   Opaque   2      2m43s
-
Save the automatically generated certificate to a local environment variable.
CERT=`kubectl get secret admission-tls -o jsonpath='{.data.cert}'`
-
Create a patch file for the Kubernetes webhook, using your own values for the namespace and webhook name.
sed '<your_namespace>' admission/webhook.yaml | kubectl create -f -
cat > modified-webhook.yaml <<EOF
webhooks:
- name: <your.admission.webhook>
  clientConfig:
    caBundle: $CERT
  admissionReviewVersions: ["v1beta1"]
EOF
-
Patch the validating webhook with the certificate.
kubectl patch ValidatingWebhookConfiguration redb-admission --patch "$(cat modified-webhook.yaml)"
Limit the webhook to relevant namespaces
If not limited, the webhook will intercept requests from all namespaces. If you have several REC objects in your Kubernetes cluster, you need to limit the webhook to the relevant namespaces. If you aren’t using multiple namespaces, you can skip this step.
-
View your namespace YAML file to verify your namespace is labeled and the label is unique to this namespace (see example below).
apiVersion: v1
kind: Namespace
metadata:
  labels:
    namespace-name: staging
  name: staging
-
Patch the webhook spec with the namespaceSelector field.
cat > modified-webhook.yaml <<EOF
webhooks:
- name: redb.admission.redislabs
  namespaceSelector:
    matchLabels:
      namespace-name: staging
EOF
-
Apply the patch.
kubectl patch ValidatingWebhookConfiguration redb-admission --patch "$(cat modified-webhook.yaml)"
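The two webhook patches above can be checked after the fact. The following is an added example, not part of the original Redis documentation: it audits the JSON from `kubectl get validatingwebhookconfiguration redb-admission -o json` and `kubectl get namespaces -o json` to confirm that caBundle equals the admission-tls cert and that the matchLabels selector picks exactly one namespace. The function name `audit_webhook` and all sample values are assumptions constructed for illustration; only matchLabels is evaluated.

```python
import json

def audit_webhook(vwc, namespaces, secret_cert, webhook_name, expected_ns):
    """Return a list of findings; an empty list means the checks passed."""
    hook = next((w for w in vwc.get("webhooks", []) if w.get("name") == webhook_name), None)
    if hook is None:
        return [f"webhook {webhook_name} not found"]
    findings = []
    # caBundle must equal the value read from the admission-tls secret (.data.cert).
    if hook.get("clientConfig", {}).get("caBundle") != secret_cert:
        findings.append("caBundle does not match admission-tls cert")
    selector = hook.get("namespaceSelector") or {}
    want = selector.get("matchLabels") or {}
    if selector.get("matchExpressions"):
        findings.append("matchExpressions present: not evaluated here")
    elif not want:
        findings.append("no namespaceSelector: webhook intercepts all namespaces")
    # A namespace is selected when it carries every label listed in matchLabels.
    matched = sorted(
        ns["metadata"]["name"] for ns in namespaces["items"]
        if all((ns["metadata"].get("labels") or {}).get(k) == v for k, v in want.items())
    )
    if expected_ns not in matched:
        findings.append(f"{expected_ns} is not selected")
    extra = [n for n in matched if n != expected_ns]
    if want and extra:
        findings.append("label not unique, also selects: " + ", ".join(extra))
    return findings

# Constructed sample input (not real cluster output).
CERT = "Q09OU1RSVUNURUQtQ0VSVA=="
VWC = json.loads("""{"webhooks": [{"name": "redb.admission.redislabs",
  "clientConfig": {"caBundle": "Q09OU1RSVUNURUQtQ0VSVA=="},
  "namespaceSelector": {"matchLabels": {"namespace-name": "staging"}}}]}""")

def ns_list(*pairs):
    """Build a namespace list shaped like `kubectl get namespaces -o json`."""
    return {"items": [{"metadata": {"name": n, "labels": {"namespace-name": l}}}
                      for n, l in pairs]}

GOOD = ns_list(("staging", "staging"), ("prod", "prod"))
DUPLICATE = ns_list(("staging", "staging"), ("staging-copy", "staging"))

if __name__ == "__main__":
    for label, nss in (("good", GOOD), ("duplicate label", DUPLICATE)):
        print(label, audit_webhook(VWC, nss, CERT, "redb.admission.redislabs", "staging"))
```

An empty result for your own cluster's JSON means the webhook trusts the operator-generated certificate and is scoped to the one labeled namespace.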
Verify the admission controller installation
Apply an invalid resource (provided below).
This should force the admission controller to reject it. If it applies successfully, the admission controller is not installed correctly.
$ kubectl apply -f - << EOF
apiVersion: app.redislabs.com/v1alpha1
kind: RedisEnterpriseDatabase
metadata:
  name: redis-enterprise-database
spec:
  evictionPolicy: illegal
EOF
You should see an error from the admission controller webhook redb.admission.redislabs.
Error from server: error when creating "STDIN": admission webhook "redb.admission.redislabs" denied the request: eviction_policy: u'illegal' is not one of [u'volatile-lru', u'volatile-ttl', u'volatile-random', u'allkeys-lru', u'allkeys-random', u'noeviction', u'volatile-lfu', u'allkeys-lfu']
Create a Redis Enterprise database (REDB) custom resource
The operator uses the instructions in the REDB custom resources to manage databases on the Redis Enterprise cluster.
-
Create a RedisEnterpriseDatabase custom resource.
The following example creates a database for testing purposes. For production databases, see creating a database and database options.
Example:
cat << EOF > /tmp/redis-enterprise-database.yml
apiVersion: app.redislabs.com/v1alpha1
kind: RedisEnterpriseDatabase
metadata:
  name: redis-enterprise-database
spec:
  memorySize: 100MB
EOF
-
Apply the newly created REDB resource
oc apply -f /tmp/redis-enterprise-database.yml