Create Redis Cluster With Custom Password on KubeBlocks
This guide demonstrates how to deploy a Redis cluster in KubeBlocks with a custom root password stored in a Kubernetes Secret.
Prerequisites
Before proceeding, ensure the following:
- Environment Setup:
- A Kubernetes cluster is up and running.
- The kubectl CLI tool is configured to communicate with your cluster.
- KubeBlocks CLI and KubeBlocks Operator are installed. Follow the installation instructions here.
- Namespace Preparation: To keep resources isolated, create a dedicated namespace for this tutorial:
kubectl create ns demo
namespace/demo created
Deploying the Redis Replication Cluster
KubeBlocks uses a declarative approach for managing Redis clusters. Below is an example configuration for deploying a Redis cluster with 2 nodes (1 primary, 1 replica) and a custom root password.
Step 1: Create a Secret for the Default Account
The custom root password is stored in a Kubernetes Secret. Create the Secret by applying the following YAML:
apiVersion: v1
data:
  password: Y3VzdG9tcGFzc3dvcmQ= # custompassword
  username: cm9vdA== # root
immutable: true
kind: Secret
metadata:
  name: custom-secret
  namespace: demo
- password: Replace custompassword with your desired password and encode it using Base64 (echo -n "custompassword" | base64).
- username: The default Redis user is 'default', encoded as 'cm9vdA=='.
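A pre-apply check for the Step 1 manifest, added here as an example (it is not part of the KubeBlocks documentation or tooling): it decodes the Secret's data fields and rejects a value that was encoded with a trailing newline, which is what plain echo without -n produces. The function names and the temporary sample files are assumptions made for this example.

```bash
# Added example (not KubeBlocks code): lint the Base64 data fields of a Secret
# manifest shaped like the Step 1 manifest before running `kubectl apply`.

# Print the raw Base64 value of "KEY:" from FILE, dropping any inline comment.
b64_field() {
  sed -n "s|^[[:space:]]*$2:[[:space:]]*\([A-Za-z0-9+/=]*\).*|\1|p" "$1" | head -n 1
}

# Print the decoded value of KEY from FILE.
decode_field() { b64_field "$1" "$2" | base64 -d; }

# Return 0 only if KEY is present, is valid Base64, and does not end in a newline.
check_field() {
  local raw last
  raw=$(b64_field "$1" "$2")
  [ -n "$raw" ] || { echo "$2: missing or empty"; return 1; }
  printf '%s' "$raw" | base64 -d >/dev/null 2>&1 || { echo "$2: invalid Base64"; return 1; }
  # $(...) strips trailing newlines, so look at the last decoded byte in hex.
  last=$(printf '%s' "$raw" | base64 -d | tail -c 1 | od -An -tx1 | tr -d ' \n')
  [ "$last" != "0a" ] || { echo "$2: decoded value ends with a newline"; return 1; }
  echo "$2: ok"
}

# Constructed sample input: good.yaml carries the values from Step 1; bad.yaml
# encodes the same password with plain `echo`, which appends a newline.
write_samples() {
  printf 'apiVersion: v1\ndata:\n  password: %s # custompassword\n  username: %s #root\nimmutable: true\nkind: Secret\nmetadata:\n  name: custom-secret\n  namespace: demo\n' \
    "Y3VzdG9tcGFzc3dvcmQ=" "cm9vdA==" > "$1/good.yaml"
  sed "s|password: [^ ]*|password: $(echo "custompassword" | base64)|" "$1/good.yaml" > "$1/bad.yaml"
}

dir=$(mktemp -d)
write_samples "$dir"
check_field "$dir/good.yaml" password
check_field "$dir/good.yaml" username
check_field "$dir/bad.yaml" password || echo "bad.yaml rejected before apply"
```

Running decode_field on each key before applying also confirms that the stored values are the ones you intended, since Base64 is an encoding and not encryption.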
Step 2: Deploy the Redis Cluster
Apply the following manifest to deploy the Redis cluster, referencing the Secret created in Step 1 for the root account:
apiVersion: apps.kubeblocks.io/v1
kind: Cluster
metadata:
  name: redis-replication
  namespace: demo
spec:
  terminationPolicy: Delete
  clusterDef: redis
  topology: replication
  componentSpecs:
    - name: redis
      serviceVersion: "7.2.4"
      disableExporter: false
      replicas: 2
      systemAccounts: # override systemaccount password
        - name: default
          secretRef:
            name: custom-secret
            namespace: demo
      resources:
        limits:
          cpu: '0.5'
          memory: 0.5Gi
        requests:
          cpu: '0.5'
          memory: 0.5Gi
      volumeClaimTemplates:
        - name: data
          spec:
            storageClassName: ""
            accessModes:
              - ReadWriteOnce
            resources:
              requests:
                storage: 20Gi
    - name: redis-sentinel
      replicas: 3
      resources:
        limits:
          cpu: '0.5'
          memory: 0.5Gi
        requests:
          cpu: '0.5'
          memory: 0.5Gi
      volumeClaimTemplates:
        - name: data
          spec:
            storageClassName: ""
            accessModes:
              - ReadWriteOnce
            resources:
              requests:
                storage: 20Gi
Explanation of Key Fields
systemAccounts: Overrides system accounts defined in the referenced ComponentDefinition.
The KubeBlocks Redis Addon defines a list of system accounts, and only those accounts can be customized with a new secret.
To get the list of accounts:
kubectl get cmpd redis-7-1.0.0 -oyaml | yq '.spec.systemAccounts[].name'
Expected Output:
default
Verifying the Deployment
Monitor the cluster status until it transitions to the Running state:
kubectl get cluster redis-replication -n demo -w
Expected Output:
NAME                CLUSTER-DEFINITION   TERMINATION-POLICY   STATUS    AGE
redis-replication   redis                Delete               Running   3m49s
Check the pod status and roles:
kubectl get pods -l app.kubernetes.io/instance=redis-replication -L kubeblocks.io/role -n demo
Expected Output:
NAME                                 READY   STATUS    RESTARTS   AGE     ROLE
redis-replication-redis-0            3/3     Running   0          3m38s   primary
redis-replication-redis-1            3/3     Running   0          3m16s   secondary
redis-replication-redis-sentinel-0   2/2     Running   0          4m35s
redis-replication-redis-sentinel-1   2/2     Running   0          4m17s
redis-replication-redis-sentinel-2   2/2     Running   0          3m59s
Once the cluster status becomes Running, your Redis cluster is ready for use.
If you are creating the cluster for the very first time, it may take some time to pull images before running.
Connecting to the Redis Cluster
KubeBlocks automatically creates a secret containing the Redis root credentials. Retrieve the credentials with the following commands:
kubectl get secrets -n demo redis-replication-redis-account-default -o jsonpath='{.data.password}' | base64 -d
custompassword
To connect to the cluster's primary node, use the Redis client with the custom password:
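# Load the password retrieved above into PASSWD, then open a redis-cli session
PASSWD=$(kubectl get secrets -n demo redis-replication-redis-account-default -o jsonpath='{.data.password}' | base64 -d)
kubectl exec -it -n demo redis-replication-redis-0 -c redis -- redis-cli -a "${PASSWD}"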
Cleanup
To remove all created resources, delete the Redis cluster along with its namespace:
kubectl delete cluster redis-replication -n demo
kubectl delete secret custom-secret -n demo
kubectl delete ns demo
Summary
In this guide, you:
- Created a Kubernetes Secret to securely store a custom password for the Redis default account.
- Deployed a Redis cluster in KubeBlocks with a custom root password.
- Verified the deployment and connected to the cluster's primary node using the Redis client.
Using Kubernetes Secrets ensures secure credential management for your Redis clusters, while KubeBlocks simplifies the deployment and management process.