Use OpenShift routes for external database access
Every time the Redis Enterprise operator creates a Redis Enterprise database (REDB), it creates a service that allows requests to be routed to that database. Redis Enterprise supports three types of services for accessing databases:
By default, REDB creates a
ClusterIP type service, which exposes a cluster-internal IP and can only be accessed from within the cluster. OpenShift routes allow requests to be routed to the REDB from outside the cluster. For OpenShift deployments, routes provide a preferred alternative to an ingress.
Before you can connect to your database from outside the cluster, you’ll need the root CA certificate of the DMC Proxy server to validate the server certificate.
By default, the DMC Proxy uses a self-signed certificate. You can retrieve it from the Redis Enterprise admin console and save it as a file (for example, named “ca.pem”) on the client machine.
Your database also needs TLS encryption enabled.
Create OpenShift route
Select the Networking/Routes section of the OpenShift web console.
Select Create route and fill out the following fields:
- Name: Choose any name you want as the first part of your generated hostname
- Hostname: Leave blank
- Path: Leave as is ("/")
- Service: Select the service for the database you want to access
- TLS Termination: Choose “passthrough”
- Insecure Traffic: Select “None”
Find the hostname for your new route. After route creation, it appears in the “Host” field.
Verify you have a DNS entry to resolve the hostname for your new route to the cluster’s load balancer.
Access the database from outside the cluster using
To connect with
redis-cli -h <hostname> -p 443 --tls --cacert ./ca.pem --sni <hostname>
<hostname> value with the hostname for your new route.
To connect with
openssl s_client -connect <hostname>:443 -crlf -CAfile ./ca.pem -servername <hostname>