You are looking at the documentation of a prior release. To read the documentation of the latest release, please
visit here.
New to KubeDB? Please start here.
Redis
What is Redis
Redis
is a Kubernetes Custom Resource Definitions
(CRD). It provides declarative configuration for Redis in a Kubernetes native way. You only need to describe the desired database configuration in a Redis object, and the KubeDB operator will create Kubernetes objects in the desired state for you.
Redis Spec
As with all other Kubernetes objects, a Redis needs apiVersion
, kind
, and metadata
fields. It also needs a .spec
section. Below is an example Redis object.
apiVersion: kubedb.com/v1alpha2
kind: Redis
metadata:
name: redis1
namespace: demo
spec:
autoOps:
disabled: true
version: 6.2.14
mode: Cluster
cluster:
master: 3
replicas: 1
disableAuth: false
authSecret:
name: redis1-auth
externallyManaged: false
tls:
issuerRef:
name: redis-ca-issuer
kind: Issuer
apiGroup: "cert-manager.io"
certificates:
- alias: client
subject:
organizations:
- kubedb
emailAddresses:
- [email protected]
- alias: server
subject:
organizations:
- kubedb
emailAddresses:
- [email protected]
storage:
storageClassName: "standard"
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
monitor:
agent: prometheus.io/operator
prometheus:
serviceMonitor:
labels:
app: kubedb
interval: 10s
configSecret:
name: rd-custom-config
podTemplate:
metadata:
annotations:
passMe: ToDatabasePod
controller:
annotations:
passMe: ToStatefulSet
spec:
serviceAccountName: my-service-account
schedulerName: my-scheduler
nodeSelector:
disktype: ssd
imagePullSecrets:
- name: myregistrykey
args:
- "--loglevel verbose"
env:
- name: ENV_VARIABLE
value: "value"
resources:
requests:
memory: "64Mi"
cpu: "250m"
limits:
memory: "128Mi"
cpu: "500m"
serviceTemplates:
- alias: primary
metadata:
annotations:
passMe: ToService
spec:
type: NodePort
ports:
- name: http
port: 9200
terminationPolicy: Halt
halted: false
healthChecker:
periodSeconds: 15
timeoutSeconds: 10
failureThreshold: 2
disableWriteCheck: false
spec.autoOps
AutoOps is an optional field to control the generation of version update & TLS-related recommendations.
spec.version
spec.version
is a required field specifying the name of the RedisVersion crd where the docker images are specified. Currently, when you install KubeDB, it creates the following RedisVersion
crds,
4.0.6-v2
,4.0.11
,6.2.14
,5.0.14
6.0.20
,6.2.14
,6.2.14
6.2.14
7.0.4
,7.0.14
,7.0.6
spec.mode
spec.mode
specifies the mode in which Redis server instance(s) will be deployed. The possible values are either "Standalone"
, "Cluster"
and "Sentinel""
. The default value is "Standalone"
.
Standalone: In this mode, the operator to starts a standalone Redis server.
Cluster: In this mode, the operator will deploy Redis cluster.
Sentinel: In this mode, the operator will deploy a Redis Sentinel Cluster. The
RedisSentinel
instances need exist before deploying Redis in Sentinel mode.
When spec.mode
is set to Sentinel
, spec.sentinelRef.name
and spec.sentinelRef.namespace
fields needs to be set to give reference to Sentinel instance
spec.cluster
If spec.mode
is set to "Cluster"
, users can optionally provide a cluster specification. Currently, the following two parameters can be configured:
spec.cluster.master
: specifies the number of Redis master nodes. It must be greater or equal to 3. If not set, the operator set it to 3.spec.cluster.replicas
: specifies the number of replica nodes per master. It must be greater than 0. If not set, the operator set it to 1.
KubeDB uses PodDisruptionBudget
to ensure that majority of these cluster replicas are available during voluntary disruptions so that quorum is maintained and no data loss is occurred.
If spec.mode
is set to "Cluster"
, then spec.replicas
field is ignored.
spec.sentinelRef
spec.sentinelRef
field is only used when spec.mode
is Sentinel
. We want Redis instance to be monitored by a RedisSentinel instance which is already created.
This field has the following subfields.
spec.sentinelRef.name
: specifies name of the RedisSentinel instance.spec.sentinelRef.namespace
specifies namespace of the RedisSentinel instance.
spec.disableAuth
spec.disableAuth
is an optional field that decides whether Redis instance will be secured by auth or no.
spec.authSecret
spec.authSecret
is an optional field that points to a Secret used to hold credentials for redis
superuser. If not set, KubeDB operator creates a new Secret {redis-object-name}-auth
for storing the password for redis
superuser.
We can use this field in 3 mode.
- Using an external secret. In this case, You need to create an auth secret first with required fields, then specify the secret name when creating the Redis object using
spec.authSecret.name
& setspec.authSecret.externallyManaged
to true.
authSecret:
name: <your-created-auth-secret-name>
externallyManaged: true
- Specifying the secret name only. In this case, You need to specify the secret name when creating the Redis object using
spec.authSecret.name
.externallyManaged
is by default false.
authSecret:
name: <intended-auth-secret-name>
- Let KubeDB do everything for you. In this case, no work for you.
AuthSecret contains a user
key and a password
key which contains the username
and password
respectively for redis
superuser.
Example:
$ kubectl create secret generic redis1-auth -n demo \
--from-literal=username=jhon-doe \
--from-literal=password=6q8u_2jMOW-OOZXk
secret "redis1-auth" created
apiVersion: v1
data:
password: NnE4dV8yak1PVy1PT1pYaw==
username: amhvbi1kb2U=
kind: Secret
metadata:
name: redis1-auth
namespace: demo
type: Opaque
Secrets provided by users are not managed by KubeDB, and therefore, won’t be modified or garbage collected by the KubeDB operator (version 0.13.0 and higher).
spec.tls
spec.tls
specifies the TLS/SSL configurations for the Redis. KubeDB uses cert-manager v1 api to provision and manage TLS certificates.
The following fields are configurable in the spec.tls
section:
issuerRef
is a reference to theIssuer
orClusterIssuer
CR of cert-manager that will be used byKubeDB
to generate necessary certificates.apiGroup
is the group name of the resource that is being referenced. Currently, the only supported value iscert-manager.io
.kind
is the type of resource that is being referenced. KubeDB supports bothIssuer
andClusterIssuer
as values for this field.name
is the name of the resource (Issuer
orClusterIssuer
) being referenced.
certificates
(optional) are a list of certificates used to configure the server and/or client certificate. It has the following fields:alias
represents the identifier of the certificate. It has the following possible value:server
is used for server certificate identification.client
is used for client certificate identification.metrics-exporter
is used for metrics exporter certificate identification.
secretName
(optional) specifies the k8s secret name that holds the certificates.
This field is optional. If the user does not specify this field, the default secret name will be created in the following format:
<database-name>-<cert-alias>-cert
.
subject
(optional) specifies anX.509
distinguished name. It has the following possible field,organizations
(optional) are the list of different organization names to be used on the Certificate.organizationalUnits
(optional) are the list of different organization unit name to be used on the Certificate.countries
(optional) are the list of country names to be used on the Certificate.localities
(optional) are the list of locality names to be used on the Certificate.provinces
(optional) are the list of province names to be used on the Certificate.streetAddresses
(optional) are the list of a street address to be used on the Certificate.postalCodes
(optional) are the list of postal code to be used on the Certificate.serialNumber
(optional) is a serial number to be used on the Certificate. You can find more details from Here
duration
(optional) is the period during which the certificate is valid.renewBefore
(optional) is a specifiable time before expiration duration.dnsNames
(optional) is a list of subject alt names to be used in the Certificate.ipAddresses
(optional) is a list of IP addresses to be used in the Certificate.uris
(optional) is a list of URI Subject Alternative Names to be set in the Certificate.emailAddresses
(optional) is a list of email Subject Alternative Names to be set in the Certificate.privateKey
(optional) specifies options to control private keys used for the Certificate.encoding
(optional) is the private key cryptography standards (PKCS) encoding for this certificate’s private key to be encoded in. If provided, allowed values are “pkcs1” and “pkcs8” standing for PKCS#1 and PKCS#8, respectively. It defaults to PKCS#1 if not specified.
spec.storage
Since 0.10.0-rc.0, If you set spec.storageType:
to Durable
, then spec.storage
is a required field that specifies the StorageClass of PVCs dynamically allocated to store data for the database. This storage spec will be passed to the StatefulSet created by KubeDB operator to run database pods. You can specify any StorageClass available in your cluster with appropriate resource requests.
spec.storage.storageClassName
is the name of the StorageClass used to provision PVCs. PVCs don’t necessarily have to request a class. A PVC with its storageClassName set equal to "" is always interpreted to be requesting a PV with no class, so it can only be bound to PVs with no class (no annotation or one set equal to “”). A PVC with no storageClassName is not quite the same and is treated differently by the cluster depending on whether the DefaultStorageClass admission plugin is turned on.spec.storage.accessModes
uses the same conventions as Kubernetes PVCs when requesting storage with specific access modes.spec.storage.resources
can be used to request specific quantities of storage. This follows the same resource model used by PVCs.
To learn how to configure spec.storage
, please visit the links below:
spec.monitor
Redis managed by KubeDB can be monitored with builtin-Prometheus and Prometheus operator out-of-the-box. To learn more,
spec.configSecret
spec.configSecret
is an optional field that allows users to provide custom configuration for Redis. This field accepts a VolumeSource
. So you can use any Kubernetes supported volume source such as configMap
, secret
, azureDisk
etc. To learn more about how to use a custom configuration file see here.
spec.podTemplate
KubeDB allows providing a template for database pod through spec.podTemplate
. KubeDB operator will pass the information provided in spec.podTemplate
to the StatefulSet created for Redis server.
KubeDB accept following fields to set in spec.podTemplate:
- metadata:
- annotations (pod’s annotation)
- controller:
- annotations (statefulset’s annotation)
- spec:
- args
- env
- resources
- initContainers
- imagePullSecrets
- nodeSelector
- affinity
- serviceAccountName
- schedulerName
- tolerations
- priorityClassName
- priority
- securityContext
- livenessProbe
- readinessProbe
- lifecycle
You can check out the full list here.
Uses of some field of spec.podTemplate
is described below,
spec.podTemplate.spec.args
spec.podTemplate.spec.args
is an optional field. This can be used to provide additional arguments to database installation.
spec.podTemplate.spec.env
spec.podTemplate.spec.env
is an optional field that specifies the environment variables to pass to the Redis docker image.
spec.podTemplate.spec.imagePullSecret
KubeDB
provides the flexibility of deploying Redis server from a private Docker registry. To learn how to deploy Redis from a private registry, please visit here.
spec.podTemplate.spec.nodeSelector
spec.podTemplate.spec.nodeSelector
is an optional field that specifies a map of key-value pairs. For the pod to be eligible to run on a node, the node must have each of the indicated key-value pairs as labels (it can have additional labels as well). To learn more, see here .
spec.podTemplate.spec.serviceAccountName
serviceAccountName
is an optional field supported by KubeDB Operator (version 0.13.0 and higher) that can be used to specify a custom service account to fine tune role based access control.
If this field is left empty, the KubeDB operator will create a service account name matching Redis crd name. Role and RoleBinding that provide necessary access permissions will also be generated automatically for this service account.
If a service account name is given, but there’s no existing service account by that name, the KubeDB operator will create one, and Role and RoleBinding that provide necessary access permissions will also be generated for this service account.
If a service account name is given, and there’s an existing service account by that name, the KubeDB operator will use that existing service account. Since this service account is not managed by KubeDB, users are responsible for providing necessary access permissions manually. Follow the guide here to grant necessary permissions in this scenario.
spec.podTemplate.spec.resources
spec.podTemplate.spec.resources
is an optional field. This can be used to request compute resources required by the database pods. To learn more, visit here.
spec.serviceTemplates
You can also provide a template for the services created by KubeDB operator for Redis server through spec.serviceTemplates
. This will allow you to set the type and other properties of the services.
KubeDB allows following fields to set in spec.serviceTemplates
:
alias
represents the identifier of the service. It has the following possible value:primary
is used for the primary service identification.standby
is used for the secondary service identification.stats
is used for the exporter service identification.
metadata:
- annotations
spec:
- type
- ports
- clusterIP
- externalIPs
- loadBalancerIP
- loadBalancerSourceRanges
- externalTrafficPolicy
- healthCheckNodePort
- sessionAffinityConfig
See here to understand these fields in detail.
spec.terminationPolicy
terminationPolicy
gives flexibility whether to nullify
(reject) the delete operation of Redis
crd or which resources KubeDB should keep or delete when you delete Redis
crd. KubeDB provides following four termination policies:
- DoNotTerminate
- Halt
- Delete (
Default
) - WipeOut
When terminationPolicy
is DoNotTerminate
, KubeDB takes advantage of ValidationWebhook
feature in Kubernetes 1.9.0 or later clusters to implement DoNotTerminate
feature. If admission webhook is enabled, DoNotTerminate
prevents users from deleting the database as long as the spec.terminationPolicy
is set to DoNotTerminate
.
Following table show what KubeDB does when you delete Redis crd for different termination policies,
Behavior | DoNotTerminate | Halt | Delete | WipeOut |
---|---|---|---|---|
1. Block Delete operation | ✓ | ✗ | ✗ | ✗ |
2. Delete StatefulSet | ✗ | ✓ | ✓ | ✓ |
3. Delete Services | ✗ | ✓ | ✓ | ✓ |
4. Delete PVCs | ✗ | ✗ | ✓ | ✓ |
5. Delete Secrets | ✗ | ✗ | ✗ | ✓ |
6. Delete Snapshots | ✗ | ✗ | ✗ | ✓ |
7. Delete Snapshot data from bucket | ✗ | ✗ | ✗ | ✓ |
If you don’t specify spec.terminationPolicy KubeDB uses Delete termination policy by default. |
spec.halted
Indicates that the database is halted and all offshoot Kubernetes resources except PVCs are deleted.
spec.healthChecker
It defines the attributes for the health checker.
spec.healthChecker.periodSeconds
specifies how often to perform the health check.spec.healthChecker.timeoutSeconds
specifies the number of seconds after which the probe times out.spec.healthChecker.failureThreshold
specifies minimum consecutive failures for the healthChecker to be considered failed.spec.healthChecker.disableWriteCheck
specifies whether to disable the writeCheck or not.
Know details about KubeDB Health checking from this blog post.
Next Steps
- Learn how to use KubeDB to run a Redis server here.
- Want to hack on KubeDB? Check our contribution guidelines.