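Redis Enterprise for Kubernetes FAQs

Redis Enterprise for Kubernetes

Here are some frequently asked questions about Redis Enterprise on integration platforms.

What is an operator?

An operator is a Kubernetes custom controller that extends the native K8s API. See the article Redis Enterprise K8s operator-based deployment – Overview.

Does the Redis Enterprise operator support multiple RECs per namespace?

Redis Enterprise for Kubernetes can deploy only one Redis Enterprise cluster (REC) per namespace. Each REC can run multiple databases while maintaining high capacity and performance.

Do I need to deploy a Redis Enterprise operator per namespace?

Yes, one operator per namespace, each managing a single Redis Enterprise cluster. Each REC can run multiple databases while maintaining high capacity and performance.

How can I see the custom resource definitions (CRDs) created for my Redis Enterprise cluster?

Run the following: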

kubectl get rec
kubectl describe rec <my-cluster-name>

How can I change the Redis Enterprise cluster admin user password?

The cluster admin user password is created by the operator during the deployment of the Redis Enterprise cluster (REC) and is stored in a Kubernetes secret.

See Manage REC credentials for instructions on changing the admin password.

How is using Redis Enterprise operator superior to using Helm charts?

While Helm charts help automate multi-resource deployments, they do not provide lifecycle management and lack many of the benefits provided by the operator:

  • Operators are a K8s standard, while Helm is a proprietary tool
    • Using operators means better packaging for different Kubernetes deployments and distributions, as Helm is not supported in a straightforward way everywhere
  • Operators allow full control over the Redis Enterprise cluster lifecycle
    • We’ve experienced difficulties managing the state and lifecycle of the application through Helm, as it essentially only determines which resources are deployed, which is a problem when upgrading and evolving the Redis Enterprise cluster settings
  • Operators support advanced flows which would otherwise require using an additional third party product

How to connect to the Redis Enterprise cluster user interface

Create a port forwarding rule to expose the cluster user interface (UI) port. For example, when the default port 8443 is used, run:

kubectl port-forward --namespace <namespace> service/<name>-cluster-ui 8443:8443

Connect to the UI by pointing your browser to https://localhost:8443

How should I size Redis Enterprise cluster nodes?

For nodes hosting the Redis Enterprise cluster statefulSet pods, follow the guidelines provided for Redis Enterprise in the hardware requirements.

For additional information please also refer to Kubernetes operator deployment – persistent volumes.

How to retrieve the username/password for a Redis Enterprise Cluster?

The Redis Enterprise cluster stores the username/password of the UI in a K8s secret.

Find the secret by listing the secrets and locating one of type Opaque whose name is identical to or contains your Redis Enterprise cluster name.

For example, run:

kubectl get secrets

A possible response may look like this:

NAME                       TYPE     DATA   AGE
redis-enterprise-cluster   Opaque   2      5d

To retrieve the secret run:

kubectl get secret redis-enterprise-cluster -o yaml

A possible response may look like this:

apiVersion: v1
data:
  password: Q2h5N1BBY28=
  username: cmVkaXNsYWJzLnNi
kind: Secret
metadata:
  creationTimestamp: 2018-09-03T14:06:39Z
  labels:
    app: redis-enterprise
    redis.io/cluster: test
  name: redis-enterprise-cluster
  namespace: redis
  ownerReferences:
  - apiVersion: app.redislabs.com/v1alpha1
    blockOwnerDeletion: true
    controller: true
    kind: RedisEnterpriseCluster
    name: test
    uid: 8b247469-c715-11e8-a5d5-0a778671fc2e
  resourceVersion: "911969"
  selfLink: /api/v1/namespaces/redis/secrets/redis-enterprise-cluster
  uid: 8c4ff52e-c715-11e8-80f5-02cc4fca9682
type: Opaque

Next, decode, for example, the password field. Run:

echo "Q2h5N1BBY28=" | base64 --decode
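
The lookup and decode steps above combined into one script, added here as an example and not part of the Redis documentation. It takes the JSON printed by `kubectl get secrets -o json`, selects Opaque secrets whose name contains the cluster name, and base64-decodes every data field; the function name `find_rec_credentials` and the embedded sample list are constructed for illustration, reusing the encoded values from the response above.

```python
import base64
import json

# Constructed sample of `kubectl get secrets -o json` output; the encoded
# values are the ones from the example response on this page.
SAMPLE_SECRETS = json.loads("""
{"items": [
  {"metadata": {"name": "default-token-abcde"},
   "type": "kubernetes.io/service-account-token",
   "data": {"token": "ZHVtbXk="}},
  {"metadata": {"name": "redis-enterprise-cluster"},
   "type": "Opaque",
   "data": {"password": "Q2h5N1BBY28=", "username": "cmVkaXNsYWJzLnNi"}}
]}
""")


def find_rec_credentials(secret_list, cluster_name):
    """Return {secret name: {field: decoded value}} for Opaque secrets
    whose name is identical to or contains cluster_name."""
    found = {}
    for item in secret_list.get("items", []):
        name = item.get("metadata", {}).get("name", "")
        if item.get("type") != "Opaque" or cluster_name not in name:
            continue
        # Secret data is base64-encoded, not encrypted: decoding needs no key.
        found[name] = {
            field: base64.b64decode(value, validate=True).decode("utf-8")
            for field, value in (item.get("data") or {}).items()
        }
    return found


if __name__ == "__main__":
    creds = find_rec_credentials(SAMPLE_SECRETS, "redis-enterprise-cluster")
    for name, fields in creds.items():
        # Print field names only, so the values stay out of terminal scrollback.
        print(name, sorted(fields))
```

Because the values are only encoded, anyone with read access to secrets in the namespace can recover the admin credentials this way.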

How to retrieve the username/password for a Redis Enterprise Cluster through the OpenShift Console?

To retrieve your password, navigate to the OpenShift management console, select your project name, go to Resources->Secrets->your_cluster_name

Retrieve your password by selecting “Reveal Secret.”

What capabilities, privileges and permissions are defined by the Security Context Constraint (SCC) yaml?

The scc.yaml file is defined like this:

kind: SecurityContextConstraints
apiVersion: security.openshift.io/v1
metadata:
  name: redis-enterprise-scc
allowPrivilegedContainer: false
allowedCapabilities:
  - SYS_RESOURCE
runAsUser:
  type: MustRunAs
  uid: 1001
FSGroup:
  type: MustRunAs
  ranges: 1001,1001
seLinuxContext:
  type: RunAsAny

(latest version on GitHub)


The SYS_RESOURCE capability is required by the Redis Enterprise cluster (REC) container so that REC can set correct out-of-memory (OOM) scores for its processes inside the container. Also, some of the REC services must be able to increase default resource limits, especially the number of open file descriptors.

Note:
  • Removing NET_RAW blocks 'ping' from being used on the solution containers.
  • These changes were made as of release 5.4.6-1183 to better align the deployment with container and Kubernetes security best practices:
    • The NET_RAW capability requirement in PSP was removed.
    • The allowPrivilegeEscalation is set to 'false' by default.
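
A check that a SecurityContextConstraints object still matches the properties described above, added here as an example and not part of the Redis documentation. It expects the object as a dict, for instance parsed from `oc get scc redis-enterprise-scc -o json`; the function name `audit_scc` and both sample objects are constructed for illustration.

```python
# Capabilities the page says the REC container needs; anything else is flagged.
EXPECTED_CAPABILITIES = {"SYS_RESOURCE"}
EXPECTED_UID = 1001

# The scc.yaml from this page, reduced to the fields the check reads.
DOCUMENTED_SCC = {
    "allowPrivilegedContainer": False,
    "allowedCapabilities": ["SYS_RESOURCE"],
    "runAsUser": {"type": "MustRunAs", "uid": 1001},
}

# Constructed example of a constraint that has drifted from the documented one.
DRIFTED_SCC = {
    "allowPrivilegedContainer": True,
    "allowPrivilegeEscalation": True,
    "allowedCapabilities": ["SYS_RESOURCE", "NET_RAW"],
    "runAsUser": {"type": "RunAsAny"},
}


def audit_scc(scc):
    """Return a list of findings where scc deviates from the documented one."""
    findings = []
    if scc.get("allowPrivilegedContainer", False):
        findings.append("allowPrivilegedContainer is true")
    # The page's scc.yaml leaves this field unset; only an explicit true is flagged.
    if scc.get("allowPrivilegeEscalation") is True:
        findings.append("allowPrivilegeEscalation is true")
    caps = set(scc.get("allowedCapabilities") or [])
    for cap in sorted(caps - EXPECTED_CAPABILITIES):
        findings.append(f"unexpected capability {cap}")
    for cap in sorted(EXPECTED_CAPABILITIES - caps):
        findings.append(f"missing capability {cap}")
    run_as = scc.get("runAsUser") or {}
    if run_as.get("type") != "MustRunAs" or run_as.get("uid") != EXPECTED_UID:
        findings.append("runAsUser is not MustRunAs uid 1001")
    return findings


if __name__ == "__main__":
    for label, scc in (("documented", DOCUMENTED_SCC), ("drifted", DRIFTED_SCC)):
        print(label, audit_scc(scc) or "matches the documented constraints")
```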