Deploy Redis Enterprise Software for Kubernetes
To deploy Redis Enterprise Software for Kubernetes and start your Redis Enterprise cluster (REC), you need to do the following:
- Create a new namespace in your Kubernetes cluster.
- Download the operator bundle.
- Apply the operator bundle and verify it’s running.
- Create a Redis Enterprise cluster (REC).
This guide works with most supported Kubernetes distributions. If you’re using OpenShift, see Redis Enterprise on OpenShift. For details on what is currently supported, see supported distributions.
Prerequisites
To deploy Redis Enterprise for Kubernetes, you’ll need:
- a Kubernetes cluster in a supported distribution
- a minimum of three worker nodes
- a Kubernetes client (kubectl)
- access to DockerHub, RedHat Container Catalog, or a private repository that can hold the required images.
Create a new namespace
Important: Each namespace can only contain one Redis Enterprise cluster. Multiple RECs with different operator versions can coexist on the same Kubernetes cluster, as long as they are in separate namespaces.
Throughout this guide, each command is applied to the namespace in which the Redis Enterprise cluster operates.
-
Create a new namespace
kubectl create namespace <rec-namespace> -
Change the namespace context to make the newly created namespace default for future commands.
kubectl config set-context --current --namespace=<rec-namespace>
You can use an existing namespace as long as it does not contain any existing Redis Enterprise cluster resources. It’s best practice to create a new namespace to make sure there are no Redis Enterprise resources that could interfere with the deployment.
Install the operator
Redis Enterprise for Kubernetes bundle is published as a container image. A list of required images is available in the release notes for each version.
The operator definition and reference materials are available on GitHub. The operator definitions are packaged as a single generic YAML file.
Download the operator bundle
Pull the latest version of the operator bundle:
VERSION=`curl --silent https://api.github.com/repos/RedisLabs/redis-enterprise-k8s-docs/releases/latest | grep tag_name | awk -F'"' '{print $4}'`
If you need a different release, replace VERSION with a specific release tag.
Check version tags listed with the operator releases on GitHub or by using the GitHub API to ensure the version of the bundle is correct.
Deploy the operator bundle
Apply the operator bundle in your REC namespace:
kubectl apply -f https://raw.githubusercontent.com/RedisLabs/redis-enterprise-k8s-docs/$VERSION/bundle.yaml
You should see a result similar to this:
role.rbac.authorization.k8s.io/redis-enterprise-operator created
serviceaccount/redis-enterprise-operator created
rolebinding.rbac.authorization.k8s.io/redis-enterprise-operator created
customresourcedefinition.apiextensions.k8s.io/redisenterpriseclusters.app.redislabs.com configured
customresourcedefinition.apiextensions.k8s.io/redisenterprisedatabases.app.redislabs.com configured
deployment.apps/redis-enterprise-operator created
Verify the operator is running
Check the operator deployment to verify it’s running in your namespace:
kubectl get deployment redis-enterprise-operator
You should see a result similar to this:
NAME READY UP-TO-DATE AVAILABLE AGE
redis-enterprise-operator 1/1 1 1 0m36s
Create a Redis Enterprise cluster (REC)
A Redis Enterprise cluster (REC) is created from a RedisEnterpriseCluster custom resource
that contains cluster specifications.
The following example creates a minimal Redis Enterprise cluster. See the RedisEnterpriseCluster API reference for more information on the various options available.
-
Create a file (
my-rec.yaml) that defines a Redis Enterprise cluster with three nodes:cat <<EOF > my-rec.yaml apiVersion: "app.redislabs.com/v1" kind: "RedisEnterpriseCluster" metadata: name: my-rec spec: nodes: 3 EOFThis will request a cluster with three Redis Enterprise nodes using the default requests (i.e., 2 CPUs and 4GB of memory per node).
To test with a larger configuration, use the example below to add node resources to the
specsection of your test cluster (my-rec.yaml).redisEnterpriseNodeResources: limits: cpu: 2000m memory: 16Gi requests: cpu: 2000m memory: 16GiNote:Each cluster must have at least 3 nodes. Single-node RECs are not supported.See the Redis Enterprise hardware requirements for more information on sizing Redis Enterprise node resource requests.
-
Apply your custom resource file in the same namespace as
my-rec.yaml.kubectl apply -f my-rec.yamlYou should see a result similar to this:
redisenterprisecluster.app.redislabs.com/my-rec created -
You can verify the creation of the cluster with:
kubectl get recYou should see a result similar to this:
NAME AGE my-rec 1mAt this point, the operator will go through the process of creating various services and pod deployments.
You can track the progress by examining the StatefulSet associated with the cluster:
kubectl rollout status sts/my-recor by looking at the status of all of the resources in your namespace:
kubectl get all
Enable the admission controller
The admission controller dynamically validates REDB resources configured by the operator. It is strongly recommended that you use the admission controller on your Redis Enterprise Cluster (REC). The admission controller only needs to be configured once per operator deployment.
As part of the REC creation process, the operator stores the admission controller certificate in a Kubernetes secret called admission-tls. You may have to wait a few minutes after creating your REC to see the secret has been created.
-
Verify the secret has been created.
kubectl get secret admission-tlsThe output will look similar to
NAME TYPE DATA AGE admission-tls Opaque 2 2m43s -
Save the certificate to a local environment variable.
CERT=`kubectl get secret admission-tls -o jsonpath='{.data.cert}'` -
Create a patch file for the Kubernetes validating webhook.
sed 's/NAMESPACE_OF_SERVICE_ACCOUNT/demo/g' admission/webhook.yaml | kubectl create -f - cat > modified-webhook.yaml <<EOF webhooks: - name: redb.admission.redislabs clientConfig: caBundle: $CERT admissionReviewVersions: ["v1beta1"] EOF -
Patch the webhook with the certificate.
kubectl patch ValidatingWebhookConfiguration redb-admission --patch "$(cat modified-webhook.yaml)"
Limit the webhook to the relevant namespaces
The webhook will intercept requests from all namespaces unless you edit it to target a specific namespace. You can do this by adding the namespaceSelector section to the webhook spec to target a label on the namespace.
-
Make sure the namespace has a unique
namespace-namelabel.apiVersion: v1 kind: Namespace metadata: labels: namespace-name: example-ns name: example-ns -
Patch the webhook to add the
namespaceSelectorsection.cat > modified-webhook.yaml <<EOF webhooks: - name: redb.admission.redislabs namespaceSelector: matchLabels: namespace-name: staging EOF -
Apply the patch.
kubectl patch ValidatingWebhookConfiguration redb-admission --patch "$(cat modified-webhook.yaml)" -
Verify the admission controller is installed correctly by applying an invalid resource. This should force the admission controller to correct it.
$ kubectl apply -f - << EOF apiVersion: app.redislabs.com/v1alpha1 kind: RedisEnterpriseDatabase metadata: name: redis-enterprise-database spec: evictionPolicy: illegal EOF
You should see your request was denied by the admission webhook "redb.admission.redislabs".
Error from server: error when creating "STDIN": admission webhook "redb.admission.redislabs" denied the request: eviction_policy: u'illegal' is not one of [u'volatile-lru', u'volatile-ttl', u'volatile-random', u'allkeys-lru', u'allkeys-random', u'noeviction', u'volatile-lfu', u'allkeys-lfu']
Create a Redis Enterprise Database (REDB)
You can create multiple databases within the same namespace as your REC or in other namespaces.
See manage Redis Enterprise databases for Kubernetes to create a new REDB.