使用 crdb-cli 创建主动-主动数据库

本节介绍如何使用 Redis Enterprise Software 运算符在 Kubernetes 上设置主动-主动 Redis Enterprise 数据库。

适用于 Kubernetes 的 Redis Enterprise
注意:
版本 6.4.2 及更高版本支持主动-主动数据库控制器。此控制器允许您使用自定义资源创建 Redis Enterprise 主动-主动数据库 (REAADB) 和 Redis Enterprise 远程集群 (RERC)。我们建议使用 REAADB 方法创建主动-主动数据库

在 Kubernetes 上,Redis Enterprise 主动-主动数据库提供对来自不同 Kubernetes 集群的相同数据集的读写访问。有关主动-主动的更多常规信息,请参阅 Redis Enterprise Software 文档

创建主动-主动数据库需要在位于不同 Kubernetes 集群中的两个 Redis Enterprise 集群之间路由网络访问。如果没有为每个集群配置适当的访问权限,数据库实例之间的同步将失败。

此过程包括:

  1. 记录要在后续步骤中使用的值。这些值必须正确且一致。
  2. 编辑 Redis Enterprise 集群 (REC) 规范文件以包含ActiveActive部分。根据您使用的 K8s 发行版,这将略有不同。
  3. 使用crdb-cli命令。这些值必须与 REC 资源规范中的值匹配。

先决条件

在创建主动-主动数据库之前,您需要对两个或多个正常工作的 Kubernetes 集群具有管理员访问权限,每个集群都具有:

注意:
activeActive字段和ingressOrRouteSpec字段不能共存于同一个 REC 中。如果您通过ingressOrRouteSpec字段中,使用 RedisEnterpriseActiveActiveDatabase (REAADB) 自定义资源创建主动-主动数据库。

记录所需参数

设置 Active-Active 数据库时最常见的错误是参数值不正确或不一致。资源文件中列出的值必须与 crdb-cli 命令中使用的值匹配。

  • 数据库名称 <db-name>:
    • 描述:结合 ingress 后缀创建 Active-Active 数据库主机名
    • 格式:字符串
    • 示例值:myaadb
    • 如何获得:您选择
    • 数据库名称要求为:
      • 最多 63 个字符
      • 仅限字母、数字或连字符 (-) 字符
      • 以字母开头;以字母或数字结尾。
      • 数据库名称不区分大小写

对于每个参与的 Redis Enterprise 集群 (REC),您需要以下信息:

注意:
您需要创建 DNS 别名来解析您的 API 主机名<api-hostname>,<ingress-suffix>,<replication-hostname>添加到每个数据库的 Ingress 控制器的 LoadBalancer(或 OpenShift 中的路由)的 IP 地址。为避免输入多个 DNS 记录,您可以在别名中使用通配符(例如 *.ijk.example.com)。
  • REC 主机名 <rec-hostname>:
    • 描述:用于在crdb-cli命令。这必须与其他参与的集群不同。
    • 格式:<rec-name>.<namespace>.svc.cluster.local
    • 示例值:rec01.ns01.svc.cluster.local
    • 如何获取:列出所有 Redis Enterprise 集群
      kubectl get rec
  • API hostname <api-hostname>:
    • Description: Hostname used to access the Redis Enterprise cluster API from outside the K8s cluster
    • Format: string
    • Example value: api.ijk.example.com
  • Ingress suffix <ingress-suffix>:
    • Description: Combined with database name to create the Active-Active database hostname
    • Format: string
    • Example value: -cluster.ijk.example.com
  • REC admin credentials <username> <password>:
    • Description: Admin username and password for the REC stored in a secret
    • Format: string
    • Example value: username: user@example.com, password: something
    • How to get them: 
      kubectl get secret <rec-name> \
  -o jsonpath='{.data.username}' | base64 --decode
kubectl get secret <rec-name> \
  -o jsonpath='{.data.password}' | base64 --decode
  • Replication hostname <replication-hostname>:
    • Description: Hostname used inside the ingress for the database
    • Format: <db-name><ingress-suffix>
    • Example value: myaadb-cluster.ijk.example.com
    • How to get it: Combine <db-name> and <ingress-suffix> values you documented above.
  • Replication endpoint <replication-endpoint>:
    • Description: Endpoint used externally to contact the database
    • Format: <db-name><ingress-suffix>:443
    • Example value: myaadb-cluster.ijk.example.com:443
    • How to get it:<replication-hostname>:443

Add activeActive section to the REC resource file

From inside your K8s cluster, edit your Redis Enterprise cluster (REC) resource to add the following to the spec section. Do this for each participating cluster.

The operator uses the API hostname (<api-hostname>) to create an ingress to the Redis Enterprise cluster's API; this only happens once per cluster. Every time a new Active-Active database instance is created on this cluster, the operator creates a new ingress route to the database with the ingress suffix (<ingress-suffix>). The hostname for each new database will be in the format <db-name><ingress-suffix>.

Using ingress controller

  1. If your cluster uses an ingress controller, add the following to the spec section of your REC resource file.

Nginx:

activeActive:
  apiIngressUrl: <api-hostname>
  dbIngressSuffix: <ingress-suffix>
  ingressAnnotations:
     kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/backend-protocol: HTTPS
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
  method: ingress

HAproxy:

activeActive:
  apiIngressUrl: <api-hostname>
  dbIngressSuffix: <ingress-suffix>
  ingressAnnotations:
    kubernetes.io/ingress.class: haproxy
     ingress.kubernetes.io/ssl-passthrough: "true"
  method: ingress

  1. After the changes are saved and applied, you can verify a new ingress was created for the API.

    $ kubectl get ingress
NAME   HOSTS                            ADDRESS                                 PORTS   AGE
rec01  api.abc.cde.example.com  225161f845b278-111450635.us.cloud.com   80      24h

  2. Verify you can access the API from outside the K8s cluster.

    curl -k -L -i -u <username>:<password> https://<api-hostname>/v1/cluster

    If the API call fails, create a DNS alias that resolves your API hostname (<api-hostname>) to the IP address for the ingress controller's LoadBalancer.

  3. Make sure you have DNS aliases for each database that resolve your API hostname <api-hostname>,<ingress-suffix>, <replication-hostname> to the IP address of the ingress controller’s LoadBalancer. To avoid entering multiple DNS records, you can use a wildcard in your alias (such as *.ijk.example.com).

If using Istio Gateway and VirtualService

No changes are required to the REC spec if you are using Istio in place of an ingress controller. The activeActive section added above creates ingress resources. The two custom resources used to configure Istio (Gateway and VirtualService) replace the need for ingress resources.

Warning:
These custom resources are not controlled by the operator and will need to be configured and maintained manually.

For each cluster, verify the VirtualService resource has two - match: blocks in the tls section. The hostname under sniHosts: should match your <replication-hostname>.

Using OpenShift routes

  1. Make sure your Redis Enterprise cluster (REC) has a different name (<rec-name.namespace>) than any other participating clusters. If not, you'll need to manually rename the REC or move it to a different namespace. You can check your new REC name with:

    oc get rec -o jsonpath='{.items[0].metadata.name}'

    If the rec name was modified, reapply scc.yaml to the namespace to reestablish security privileges.

    oc apply -f scc.yaml
oc adm policy add-scc-to-group redis-enterprise-scc-v2  system:serviceaccounts:<namespace>

    Releases before 6.4.2-6 use the earlier version of the SCC, named redis-enterprise-scc.

  2. Make sure you have DNS aliases for each database that resolve your API hostname <api-hostname>,<ingress-suffix>, <replication-hostname> to the route IP address. To avoid entering multiple DNS records, you can use a wildcard in your alias (such as *.ijk.example.com).

  3. If your cluster uses OpenShift routes, add the following to the spec section of your Redis Enterprise cluster (REC) resource file.

    activeActive:
  apiIngressUrl: <api-hostname>
  dbIngressSuffix: <ingress-suffix>
  method: openShiftRoute

  4. Make sure you have DNS aliases that resolve to the routes IP for both the API hostname (<api-hostname>) and the replication hostname (<replication-hostname>) for each database. To avoid entering each database individually, you can use a wildcard in your alias (such as *.ijk.example.com).

  5. After the changes are saved and applied, you can see that a new route was created for the API.

    $ oc get route
NAME    HOST/PORT                       PATH    SERVICES  PORT  TERMINATION   WILDCARD
rec01   api-openshift.apps.abc.example.com rec01   api             passthrough   None

Create an Active-Active database with crdb-cli

The crdb-cli command can be run from any Redis Enterprise pod hosted on any participating K8s cluster. You'll need the values for the required parameters for each Redis Enterprise cluster.

crdb-cli crdb create \
  --name <db-name> \
  --memory-size <mem-size> \
  --encryption yes \
  --instance fqdn=<rec-hostname-01>,url=https://<api-hostname-01>,username=<username-01>,password=<password-01>,replication_endpoint=<replication-endpoint-01>,replication_tls_sni=<replication-hostname-01> \
  --instance fqdn=<rec-hostname-02>,url=https://<api-hostname-02>,username=<username-02>,password=<password-02>,replication_endpoint=<replication-endpoint-02>,replication_tls_sni=<replication-hostname-02>

To create a database that syncs between more than two instances, add additional --instance arguments.

See the crdb-cli reference for more options.

Test your database

The easiest way to test your Active-Active database is to set a key-value pair in one database and retrieve it from the other.

You can connect to your databases with the instructions in Manage databases. Set a test key with SET foo bar in the first database. If your Active-Active deployment is working properly, when connected to your second database, GET foo should output bar.

RATE THIS PAGE
Back to top ↑