KubeBlocks
BlogsKubeBlocks Cloud
⌘K
​
Overview
Quickstart

Topologies

Redis Standalone Cluster
Redis Replication Cluster
Redis Sharding Cluster

Operations

Lifecycle Management
Vertical Scaling
Horizontal Scaling
Volume Expansion
Manage Redis Services
Modify Redis Parameters
Redis Switchover
Decommission Redis Replica

Backup And Restores

Create BackupRepo
Create Full Backup
Scheduled Backups
Scheduled Continuous Backup
Restore Redis Cluster
Restore with PITR

Custom Secret

Custom Password

Monitoring

Observability for Redis Clusters
FAQs

tpl

  1. Prerequisites
  2. Deploy a Redis Replication Cluster
  3. Verifying the Deployment
  4. View Network Services
  5. Expose Redis Service
    1. Service Types Comparison
    2. Verify the Exposed Service
    3. Wait for DNS Propagation
  6. Connect to Redis Externally
    1. Retrieve Credentials
    2. Connect Using Redis Client
  7. Disable External Exposure
    1. Verify Service Removal
  8. Cleanup
  9. Summary

Manage Redis Services Using the Declarative Cluster API in KubeBlocks

This guide provides step-by-step instructions for exposing Redis services managed by KubeBlocks, both externally and internally. You'll learn to configure external access using cloud provider LoadBalancer services, manage internal services, and properly disable external exposure when no longer needed.

Prerequisites

    Before proceeding, ensure the following:

    • Environment Setup:
      • A Kubernetes cluster is up and running.
      • The kubectl CLI tool is configured to communicate with your cluster.
      • KubeBlocks CLI and KubeBlocks Operator are installed. Follow the installation instructions here.
    • Namespace Preparation: To keep resources isolated, create a dedicated namespace for this tutorial:
    kubectl create ns demo
namespace/demo created

    Deploy a Redis Replication Cluster

      KubeBlocks uses a declarative approach for managing Redis Replication Clusters. Below is an example configuration for deploying a Redis Replication Cluster with two components, redis and redis sentinel.

      Apply the following YAML configuration to deploy the cluster:

      apiVersion: apps.kubeblocks.io/v1
kind: Cluster
metadata:
  name: redis-replication
  namespace: demo
spec:
  terminationPolicy: Delete
  clusterDef: redis
  topology: replication
  componentSpecs:
    - name: redis
      serviceVersion: "7.2.4"
      disableExporter: false
      replicas: 2
      resources:
        limits:
          cpu: '0.5'
          memory: 0.5Gi
        requests:
          cpu: '0.5'
          memory: 0.5Gi
      volumeClaimTemplates:
        - name: data
          spec:
            storageClassName: ""
            accessModes:
              - ReadWriteOnce
            resources:
              requests:
                storage: 20Gi
    - name: redis-sentinel
      replicas: 3
      resources:
        limits:
          cpu: '0.5'
          memory: 0.5Gi
        requests:
          cpu: '0.5'
          memory: 0.5Gi
      volumeClaimTemplates:
        - name: data
          spec:
            storageClassName: ""
            accessModes:
              - ReadWriteOnce
            resources:
              requests:
                storage: 20Gi

      Verifying the Deployment

        Monitor the cluster status until it transitions to the Running state:

        kubectl get cluster redis-replication -n demo -w

        Expected Output:

        NAME                CLUSTER-DEFINITION   TERMINATION-POLICY   STATUS    AGE
redis-replication   redis                Delete               Running   3m49s

        Check the pod status and roles:

        kubectl get pods -l app.kubernetes.io/instance=redis-replication -L  kubeblocks.io/role -n demo

        Expected Output:

        NAME                                 READY   STATUS    RESTARTS   AGE     ROLE
redis-replication-redis-0            3/3     Running   0          3m38s   primary
redis-replication-redis-1            3/3     Running   0          3m16s   secondary
redis-replication-redis-sentinel-0   2/2     Running   0          4m35s
redis-replication-redis-sentinel-1   2/2     Running   0          4m17s
redis-replication-redis-sentinel-2   2/2     Running   0          3m59s

        Once the cluster status becomes Running, your Redis cluster is ready for use.

        TIP

        If you are creating the cluster for the very first time, it may take some time to pull images before running.

        View Network Services

        List the Services created for the Redis cluster:

        kubectl get service -l app.kubernetes.io/instance=redis-replication -n demo

        Example Services:

        NAME                                              TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)     AGE
redis-replication-redis-redis                     ClusterIP   10.96.102.140   <none>        6379/TCP    31s
redis-replication-redis-sentinel-redis-sentinel   ClusterIP   10.96.157.4     <none>        26379/TCP   51s

        Expose Redis Service

        External service addresses enable public internet access to Redis, while internal service addresses restrict access to the user's VPC.

        Service Types Comparison

        TypeUse CaseCloud CostSecurity
        ClusterIPInternal service communicationFreeHighest
        NodePortDevelopment/testingLowModerate
        LoadBalancerProduction external accessHighManaged via security groups

        Option 1: Using OpsRequest

        To expose the Redis service externally using a LoadBalancer, create an OpsRequest resource:

        apiVersion: operations.kubeblocks.io/v1alpha1
kind: OpsRequest
metadata:
  name: redis-replication-expose-enable-ops
  namespace: demo
spec:
  type: Expose
  clusterName: redis-replication
  expose:
  - componentName: redis
    services:
    - name: internet
      # Determines how the Service is exposed. Defaults to 'ClusterIP'.
      # Valid options are 'ClusterIP', 'NodePort', and 'LoadBalancer'.
      serviceType: LoadBalancer
      # Contains cloud provider related parameters if ServiceType is LoadBalancer.
      # Following is an example for AWS EKS
      annotations:
        service.beta.kubernetes.io/aws-load-balancer-type: nlb
        service.beta.kubernetes.io/aws-load-balancer-internal: "false"  # or "true" for an internal VPC IP
      # Specifies a role to target with the service.
      # If specified, the service will only be exposed to pods with the matching
      # role.
      roleSelector: primary
    switch: Enable

        Wait for the OpsRequest to complete:

        kubectl get ops redis-replication-expose-enable-ops -n demo

        Example Output:

        NAME                                  TYPE     CLUSTER             STATUS    PROGRESS   AGE
redis-replication-expose-enable-ops   Expose   redis-replication   Succeed   1/1        31s

        Option 2: Using Cluster API

        Alternatively, update the spec.services section in the Cluster resource to include a LoadBalancer service:

        apiVersion: apps.kubeblocks.io/v1
kind: Cluster
metadata:
  name: redis-replication
  namespace: demo
spec:
  terminationPolicy: Delete
  clusterDef: redis
  topology: replication
  # expose a external service
  services:
    - annotations:
        service.beta.kubernetes.io/aws-load-balancer-type: nlb  # Use Network Load Balancer
        service.beta.kubernetes.io/aws-load-balancer-internal: "false"  # or "true" for an internal VPC IP
      componentSelector: redis
      name: redis-internet
      serviceName: redis-internet
      roleSelector: primary
      spec:
        ipFamilyPolicy: PreferDualStack
        ports:
          - name: redis
            port: 6379
            protocol: TCP
            targetPort: redis
        type: LoadBalancer
  componentSpecs:
  ...

        The YAML configuration above adds a new external service under the services section. This LoadBalancer service includes annotations for AWS Network Load Balancer (NLB).

        NOTE

        Cloud Provider Annotations

        When using a LoadBalancer service, you must include the appropriate annotations specific to your cloud provider. Below is a list of commonly used annotations for different cloud providers:

        • AWS
        service.beta.kubernetes.io/aws-load-balancer-type: nlb  # Use Network Load Balancer
service.beta.kubernetes.io/aws-load-balancer-internal: "true"  # Use "false" for internet-facing LoadBalancer
        • Azure
        service.beta.kubernetes.io/azure-load-balancer-internal: "true" # Use "false" for internet-facing LoadBalancer
        • GCP
        networking.gke.io/load-balancer-type: "Internal"  # Restricts the LoadBalancer to internal VPC access only. Defaults to internet-facing if not specified.
cloud.google.com/l4-rbs: "enabled" # Optimization for internet-facing LoadBalancer
        • Alibaba Cloud
        service.beta.kubernetes.io/alibaba-cloud-loadbalancer-address-type: "internet"  # Use "intranet" for internal-facing LoadBalancer
        NOTE

        The service.beta.kubernetes.io/aws-load-balancer-internal annotation controls whether the LoadBalancer is internal or internet-facing. Note that this annotation cannot be modified dynamically after service creation.

          service.beta.kubernetes.io/aws-load-balancer-internal: "false"  # Use "true" for internal VPC IPs

        If you change this annotation from "false" to "true" after the Service is created, the annotation may update in the Service object, but the LoadBalancer will still retain its public IP.

        To properly modify this behavior:

        • First, delete the existing LoadBalancer service.
        • Recreate the service with the updated annotation (service.beta.kubernetes.io/aws-load-balancer-internal: "true").
        • Wait for the new LoadBalancer to be provisioned with the correct internal or external IP.

        Wait for the Cluster status to transition to Running using the following command:

        kubectl get cluster redis-replication -n demo -w

        NAME         CLUSTER-DEFINITION   TERMINATION-POLICY   STATUS    AGE
redis-replication   redis           Delete               Running   18m

        Verify the Exposed Service

        Check the service details to confirm the LoadBalancer service is created:

        kubectl get service -l app.kubernetes.io/instance=redis-replication -n demo

        Example Output:

        NAME                               TYPE           CLUSTER-IP     EXTERNAL-IP   PORT(S)             AGE
redis-replication-redis-internet   LoadBalancer   172.20.60.24   <EXTERNAL-IP> 6379:31243/TCP      1m

        Wait for DNS Propagation

        The LoadBalancer DNS name may take 2-5 minutes to become resolvable. Verify the resolution status:

        nslookup <EXTERNAL-IP>  # replace <EXTERNAL-IP> with the real IP from previous output.

        Connect to Redis Externally

        Retrieve Credentials

        KubeBlocks automatically creates a Secret containing the Redis default credentials. Retrieve the Redis default credentials:

        NAME=`kubectl get secrets -n demo redis-replication-redis-account-default -o jsonpath='{.data.username}' | base64 -d`
PASSWD=`kubectl get secrets -n demo redis-replication-redis-account-default -o jsonpath='{.data.password}' | base64 -d`

        Connect Using Redis Client

        You can now connect to the Redis database externally (e.g., from your laptop or EC2):

        redis-cli -h <EXTERNAL_IP> -a ${PASSWD}

        Disable External Exposure

        Option 1: Using OpsRequest

        To disable external access, create an OpsRequest:

        apiVersion: operations.kubeblocks.io/v1alpha1
kind: OpsRequest
metadata:
  name: redis-replication-expose-disable-ops
  namespace: demo
spec:
  clusterName: redis-replication
  expose:
  - componentName: redis
    services:
    - name: internet
      roleSelector: primary
      serviceType: LoadBalancer
    switch: Disable
  preConditionDeadlineSeconds: 0
  type: Expose

        Wait for the OpsRequest to complete:

        kubectl get ops redis-replication-expose-disable-ops -n demo

        Example Output:

        NAME                                   TYPE     CLUSTER      STATUS    PROGRESS   AGE
redis-replication-expose-disable-ops   Expose   redis-replication   Succeed   1/1        12s

        Option 2: Using Cluster API

        Alternatively, remove the spec.services field from the Cluster resource:

        kubectl patch cluster redis-replication -n demo --type=json -p='[
  {
    "op": "remove",
    "path": "/spec/services"
  }
]'

        Monitor the cluster status until it is Running:

        kubectl get cluster redis-replication -n demo -w

        NAME                CLUSTER-DEFINITION   TERMINATION-POLICY   STATUS    AGE
redis-replication   redis           Delete               Running   23m

        Verify Service Removal

        Ensure that the 'redis-replication-redis-internet' Service is removed:

        kubectl get service -l app.kubernetes.io/instance=redis-replication -n demo

        Expected Result: The 'redis-replication-redis-internet' Service should be removed.

        Cleanup

        To remove all created resources, delete the Redis cluster along with its namespace:

        kubectl delete cluster redis-replication -n demo
kubectl delete ns demo

        Summary

        This guide demonstrated how to:

        • Expose a Redis service externally or internally using KubeBlocks.
        • Configure LoadBalancer services with cloud provider-specific annotations.
        • Manage external access by enabling or disabling services via OpsRequest or direct updates to the Cluster API.

        KubeBlocks provides flexibility and simplicity for managing MySQL services in Kubernetes environments. simplicity for managing Redis services in Kubernetes environments.

        © 2025 ApeCloud PTE. Ltd.