To deploy Redis Enterprise Software on Kubernetes, you first need to install the Redis Enterprise operator.

This quick start guide is for generic Kubernetes distributions (kOps) as well as:

If you’re running either OpenShift or VMWare Tanzu, we provide specific getting started guides for installing the Redis Enterprise Operator on these platforms:


To deploy the Redis Enterprise operator, you’ll need:

  • a Kubernetes cluster in a supported distribution
  • a minimum of three worker nodes
  • a Kubernetes client (kubectl)
  • access to DockerHub, RedHat Container Catalog, or a private repository that can hold the required images.

See your version’s release notes for a list of required images.

If you are not pulling images from DockerHub, see Private Repositories for additional sections to add to your REC resource file and your operator.yaml file.

Create a new namespace

The Redis Enterprise operator manages a single Redis Enterprise cluster in a single namespace.

Throughout this guide, you should assume that each command is applied to the namespace in which the Redis Enterprise cluster operates.

  1. Create a new namespace

    kubectl create namespace <my-namespace>
  2. Change the namespace context to make the newly created namespace default for future commands.

    kubectl config set-context --current --namespace=<my-namespace>

Install the operator

The Redis Enterprise operator implementation is published as a Docker container. For more information about image sources, see Manage container images

The operator definition and reference materials are available on GitHub. The operator definitions are packaged as a single generic YAML file.

If you do not pull images from DockerHub or another public registry, you’ll need additional configuration in your operator deployment file and your Redis Enterprise cluster resource file. See Manage image sources for more info.

Deploy the operator bundle

To ensure that you pull the correct version of the bundle, check versions tags listed with the operator releases on GitHub or by using the GitHub API.

VERSION=`curl --silent | grep tag_name | awk -F'"' '{print $4}'`

If you need a different release, replace VERSION in the above with a specific release tag. Now deploy the operator with

kubectl apply -f$VERSION/bundle.yaml

You should see a result similar to this: created
serviceaccount/redis-enterprise-operator created created configured configured
deployment.apps/redis-enterprise-operator created

Verify the operator is running

Check the operator deployment to verify it’s running in your namespace:

kubectl get deployment redis-enterprise-operator

You should see a result similar to this:

NAME                        READY   UP-TO-DATE   AVAILABLE   AGE
redis-enterprise-operator   1/1     1            1           0m36s

Create a Redis Enterprise cluster (REC)

A cluster is created by creating a custom resource with the kind “RedisEnterpriseCluster” that contains the specification of the cluster option. See the Redis Enterprise Cluster API reference for more information on the various options available.

You can test the operator by creating a minimal cluster by following this procedure:

  1. Create a file called test-rec.yaml that defines a Redis Enterprise cluster with three nodes:

    cat <<EOF > test-rec.yaml
    apiVersion: ""
    kind: "RedisEnterpriseCluster"
      name: "test-rec"
      nodes: 3

    This will request a cluster with three Redis Enterprise nodes using the default requests (i.e., 2 CPUs and 4GB of memory per node).

    To test with a larger configuration, use the example below to add node resources to the spec section of your test cluster (test-rec.yaml).

          cpu: 2000m
          memory: 16Gi
          cpu: 2000m
          memory: 16Gi
    Each cluster must have at least 3 nodes. Single-node RECs are not supported.

    See the Redis Enterprise hardware requirements for more information on sizing Redis Enterprise node resource requests.

  2. Apply your custom resource definition (CRD) file in the same namespace as test-rec.yaml.

    kubectl apply -f test-rec.yaml

    You should see a result similar to this: created
  3. You can verify the creation of the cluster with:

    kubectl get rec

    You should see a result similar to this:

    NAME           AGE
    test-rec   1m

    At this point, the operator will go through the process of creating various services and pod deployments.

    You can track the progress by examining the StatefulSet associated with the cluster:

    kubectl rollout status sts/test-rec

    or by looking at the status of all of the resources in your namespace:

    kubectl get all

Enable the admission controller

The admission controller dynamically validates REDB resources configured by the operator. It is strongly recommended that you use the admission controller on your Redis Enterprise Cluster (REC). The admission controller only needs to be configured once per operator deployment.

As part of the REC creation process, the operator stores the admission controller certificate in a Kubernetes secret called admission-tls. You may have to wait a few minutes after creating your REC to see the secret has been created.

  1. Verify the secret has been created.

     kubectl get secret admission-tls
     NAME            TYPE     DATA   AGE
     admission-tls   Opaque   2      2m43s
  2. Save the certificate to a local environment variable.

    CERT=`kubectl get secret admission-tls -o jsonpath='{.data.cert}'`
  3. Create a patch file for the Kubernetes validating webhook.

    sed 's/NAMESPACE_OF_SERVICE_ACCOUNT/demo/g' admission/webhook.yaml | kubectl create -f -
    cat > modified-webhook.yaml <<EOF
    - name: redb.admission.redislabs
        caBundle: $CERT
      admissionReviewVersions: ["v1beta1"]
  4. Patch the webhook with the certificate.

    kubectl patch ValidatingWebhookConfiguration redb-admission --patch "$(cat modified-webhook.yaml)"

Limit the webhook to the relevant namespaces

The webhook will intercept requests from all namespaces unless you edit it to target a specific namespace. You can do this by adding the namespaceSelector section to the webhook spec to target a label on the namespace.

  1. Make sure the namespace has a unique namespace-name label.

    apiVersion: v1
    kind: Namespace
        namespace-name: example-ns
    name: example-ns
  2. Patch the webhook to add the namespaceSelector section.

    cat > modified-webhook.yaml <<EOF
    - name: redb.admission.redislabs
          namespace-name: staging
  3. Apply the patch.

    kubectl patch ValidatingWebhookConfiguration redb-admission --patch "$(cat modified-webhook.yaml)"
  4. Verify the admission controller is installed correctly by applying an invalid resource. This should force the admission controller to correct it.

    $ kubectl apply -f - << EOF
    kind: RedisEnterpriseDatabase
      name: redis-enterprise-database
      evictionPolicy: illegal

You should see your request was denied by the admission webhook "redb.admission.redislabs".

Error from server: error when creating "STDIN": admission webhook "redb.admission.redislabs" denied the request: eviction_policy: u'illegal' is not one of [u'volatile-lru', u'volatile-ttl', u'volatile-random', u'allkeys-lru', u'allkeys-random', u'noeviction', u'volatile-lfu', u'allkeys-lfu']

Create a Redis Enterprise Database (REDB)

Once the cluster is running, you can create a test database.

  1. Define the database with a sample REDB custom resource YAML file.

    cat <<EOF > smalldb.yaml
    kind: RedisEnterpriseDatabase
      name: smalldb
      memorySize: 100MB
  2. Apply the REDB resource file.

    kubectl apply -f smalldb.yaml
  3. The connectivity information for the database is now stored in a Kubernetes secret using the same name but prefixed with redb-:

    kubectl get secret/redb-smalldb -o yaml

    From this secret you can get the service name, port, and password for the default user.