部署适用于 Kubernetes 的 Redis 企业软件

如何安装适用于 Kubernetes 的 Redis Enterprise Software。

适用于 Kubernetes 的 Redis Enterprise

要部署 Redis Enterprise Software for Kubernetes 并启动 Redis Enterprise 集群 (REC),您需要执行以下作:

  • 在 Kubernetes 集群中创建新的命名空间。
  • 下载 Operator 捆绑包。
  • 应用 Operator 捆绑包并验证它是否正在运行。
  • 创建 Redis Enterprise 集群 (REC)。

本指南适用于大多数受支持的 Kubernetes 发行版。如果您使用的是 OpenShift,请参阅 OpenShift 上的 Redis Enterprise。有关当前支持的内容的详细信息,请参阅支持的分配

先决条件

要部署 Redis Enterprise for Kubernetes,您需要:

  • 受支持的发行版中的 Kubernetes 集群
  • 最少 3 个 worker 节点
  • Kubernetes 客户端 (kubectl)
  • 访问 DockerHub、RedHat Container Catalog 或可以保存所需镜像的私有存储库。 注意:如果您应用的是版本 7.8.2-6 或更高版本,请检查节点上安装的作系统是否受支持。

创建新命名空间

重要:每个命名空间只能包含一个 Redis Enterprise 集群。具有不同 Operator 版本的多个 REC 可以共存于同一个 Kubernetes 集群上,只要它们位于不同的命名空间中即可。

在本指南中,每个命令都应用于 Redis Enterprise 集群运行所在的命名空间。

  1. 创建新命名空间

    kubectl create namespace <rec-namespace>

  2. Change the namespace context to make the newly created namespace default for future commands.

    kubectl config set-context --current --namespace=<rec-namespace>

You can use an existing namespace as long as it does not contain any existing Redis Enterprise cluster resources. It's best practice to create a new namespace to make sure there are no Redis Enterprise resources that could interfere with the deployment.

Install the operator

Redis Enterprise for Kubernetes bundle is published as a container image. A list of required images is available in the release notes for each version.

The operator definition and reference materials are available on GitHub. The operator definitions are packaged as a single generic YAML file.

Note:
If you do not pull images from DockerHub or another public registry, you need to use a private container registry.

Download the operator bundle

Pull the latest version of the operator bundle:

VERSION=`curl --silent https://api.github.com/repos/RedisLabs/redis-enterprise-k8s-docs/releases/latest | grep tag_name | awk -F'"' '{print $4}'`

If you need a different release, replace VERSION with a specific release tag.

Check version tags listed with the operator releases on GitHub or by using the GitHub API to ensure the version of the bundle is correct.

Deploy the operator bundle

Apply the operator bundle in your REC namespace:

kubectl apply -f https://raw.githubusercontent.com/RedisLabs/redis-enterprise-k8s-docs/$VERSION/bundle.yaml

You should see a result similar to this:

role.rbac.authorization.k8s.io/redis-enterprise-operator created
serviceaccount/redis-enterprise-operator created
rolebinding.rbac.authorization.k8s.io/redis-enterprise-operator created
customresourcedefinition.apiextensions.k8s.io/redisenterpriseclusters.app.redislabs.com configured
customresourcedefinition.apiextensions.k8s.io/redisenterprisedatabases.app.redislabs.com configured
deployment.apps/redis-enterprise-operator created
Warning:
DO NOT modify or delete the StatefulSet created during the deployment process. Doing so could destroy your Redis Enterprise cluster (REC).

Verify the operator is running

Check the operator deployment to verify it's running in your namespace:

kubectl get deployment redis-enterprise-operator

You should see a result similar to this:

NAME                        READY   UP-TO-DATE   AVAILABLE   AGE
redis-enterprise-operator   1/1     1            1           0m36s

Create a Redis Enterprise cluster (REC)

A Redis Enterprise cluster (REC) is created from a RedisEnterpriseCluster custom resource that contains cluster specifications.

The following example creates a minimal Redis Enterprise cluster. See the RedisEnterpriseCluster API reference for more information on the various options available.

  1. Create a file that defines a Redis Enterprise cluster with three nodes.

    Note:
    The REC name (my-rec in this example) cannot be changed after cluster creation.
    cat <<EOF > my-rec.yaml
apiVersion: "app.redislabs.com/v1"
kind: "RedisEnterpriseCluster"
metadata:
  name: my-rec
spec:
  nodes: 3
EOF

    This will request a cluster with three Redis Enterprise nodes using the default requests (i.e., 2 CPUs and 4GB of memory per node).

    To test with a larger configuration, use the example below to add node resources to the spec section of your test cluster (my-rec.yaml).

    redisEnterpriseNodeResources:
  limits:
    cpu: 2000m
    memory: 16Gi
  requests:
    cpu: 2000m
    memory: 16Gi
    Note:
    Each cluster must have at least 3 nodes. Single-node RECs are not supported.

    See the Redis Enterprise hardware requirements for more information on sizing Redis Enterprise node resource requests.

  2. Apply your custom resource file in the same namespace as my-rec.yaml.

    kubectl apply -f my-rec.yaml

    You should see a result similar to this:

    redisenterprisecluster.app.redislabs.com/my-rec created

  3. You can verify the creation of the cluster with:

    kubectl get rec

    You should see a result similar to this:

    NAME           AGE
my-rec   1m

    At this point, the operator will go through the process of creating various services and pod deployments.

    You can track the progress by examining the StatefulSet associated with the cluster:

    kubectl rollout status sts/my-rec

    or by looking at the status of all of the resources in your namespace:

    kubectl get all

Enable the admission controller

The admission controller dynamically validates REDB resources configured by the operator. It is strongly recommended that you use the admission controller on your Redis Enterprise Cluster (REC). The admission controller only needs to be configured once per operator deployment.

As part of the REC creation process, the operator stores the admission controller certificate in a Kubernetes secret called admission-tls. You may have to wait a few minutes after creating your REC to see the secret has been created.

  1. Verify the admission-tls secret exists.

    kubectl get secret admission-tls

    The output should look similar to

    NAME            TYPE     DATA   AGE
admission-tls   Opaque   2      2m43s

  2. Save the certificate to a local environment variable.

    CERT=`kubectl get secret admission-tls -o jsonpath='{.data.cert}'`

  3. Create a Kubernetes validating webhook, replacing <namespace> with the namespace where the REC was installed.

    The webhook.yaml template can be found in redis-enterprise-k8s-docs/admission

    sed 's/OPERATOR_NAMESPACE/<namespace>/g' webhook.yaml | kubectl create -f -

  4. Create a patch file for the Kubernetes validating webhook.

    cat > modified-webhook.yaml <<EOF
webhooks:
- name: redisenterprise.admission.redislabs
  clientConfig:
   caBundle: $CERT
EOF

  5. Patch the webhook with the certificate.

    kubectl patch ValidatingWebhookConfiguration \
    redis-enterprise-admission --patch "$(cat modified-webhook.yaml)"

Limit the webhook to the relevant namespaces

The operator bundle includes a webhook file. The webhook will intercept requests from all namespaces unless you edit it to target a specific namespace. You can do this by adding the namespaceSelector section to the webhook spec to target a label on the namespace.

  1. Make sure the namespace has a unique namespace-name label.

    apiVersion: v1
kind: Namespace
metadata:
   labels:
    namespace-name: example-ns
name: example-ns

  2. Patch the webhook to add the namespaceSelector section.

    cat > modified-webhook.yaml <<EOF
webhooks:
- name: redisenterprise.admission.redislabs
  namespaceSelector:
    matchLabels:
      namespace-name: staging
EOF

  3. Apply the patch.

    kubectl patch ValidatingWebhookConfiguration \
  redis-enterprise-admission --patch "$(cat modified-webhook.yaml)"

Verify the admission controller is working

  1. Verify the admission controller is installed correctly by applying an invalid resource. This should force the admission controller to correct it.

    kubectl apply -f - << EOF
apiVersion: app.redislabs.com/v1alpha1
kind: RedisEnterpriseDatabase
metadata:
  name: redis-enterprise-database
spec:
  evictionPolicy: illegal
EOF

    You should see your request was denied by the admission webhook "redisenterprise.admission.redislabs".

    Error from server: error when creating "STDIN": admission webhook "redisenterprise.admission.redislabs" denied the request: eviction_policy: u'illegal' is not one of [u'volatile-lru', u'volatile-ttl', u'volatile-random', u'allkeys-lru', u'allkeys-random', u'noeviction', u'volatile-lfu', u'allkeys-lfu']

Create a Redis Enterprise Database (REDB)

You can create multiple databases within the same namespace as your REC or in other namespaces.

See manage Redis Enterprise databases for Kubernetes to create a new REDB.

RATE THIS PAGE
Back to top ↑