Operations
Backup And Restores
Custom Secret
Monitoring
tpl
This guide demonstrates how to deploy a Redis cluster in KubeBlocks with a custom root password stored in a Kubernetes Secret.
Before proceeding, ensure the following:
kubectl create ns demo
namespace/demo created
KubeBlocks uses a declarative approach for managing Redis clusters. Below is an example configuration for deploying a Redis cluster with 2 nodes (1 primary, 1 replicas) and a custom root password.
The custom root password is stored in a Kubernetes Secret. Create the Secret by applying the following YAML:
apiVersion: v1
data:
password: Y3VzdG9tcGFzc3dvcmQ= # custompassword
username: cm9vdA== #root
immutable: true
kind: Secret
metadata:
name: custom-secret
namespace: demo
echo -n "custompassword" | base64).Apply the following manifest to deploy the Redis cluster, referencing the Secret created in Step 1 for the root account:
apiVersion: apps.kubeblocks.io/v1
kind: Cluster
metadata:
name: redis-replication
namespace: demo
spec:
terminationPolicy: Delete
clusterDef: redis
topology: replication
componentSpecs:
- name: redis
serviceVersion: "7.2.4"
disableExporter: false
replicas: 2
systemAccounts: # override systemaccount password
- name: default
secretRef:
name: custom-secret
namespace: demo
resources:
limits:
cpu: '0.5'
memory: 0.5Gi
requests:
cpu: '0.5'
memory: 0.5Gi
volumeClaimTemplates:
- name: data
spec:
storageClassName: ""
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 20Gi
- name: redis-sentinel
replicas: 3
resources:
limits:
cpu: '0.5'
memory: 0.5Gi
requests:
cpu: '0.5'
memory: 0.5Gi
volumeClaimTemplates:
- name: data
spec:
storageClassName: ""
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 20Gi
Explanation of Key Fields
systemAccounts: Overrides system accounts defined in the referenced ComponentDefinition.In KubeBlocks Redis Addon, a list of system accounts is defined. And only those accounts can be customized with a new secret.
To get the of accounts:
kubectl get cmpd redis-7-1.0.0 -oyaml | yq '.spec.systemAccounts[].name'
Expected Output:
default
Monitor the cluster status until it transitions to the Running state:
kubectl get cluster redis-replication -n demo -w
Expected Output:
NAME CLUSTER-DEFINITION TERMINATION-POLICY STATUS AGE
redis-replication redis Delete Running 3m49s
Check the pod status and roles:
kubectl get pods -l app.kubernetes.io/instance=redis-replication -L kubeblocks.io/role -n demo
Expected Output:
NAME READY STATUS RESTARTS AGE ROLE
redis-replication-redis-0 3/3 Running 0 3m38s primary
redis-replication-redis-1 3/3 Running 0 3m16s secondary
redis-replication-redis-sentinel-0 2/2 Running 0 4m35s
redis-replication-redis-sentinel-1 2/2 Running 0 4m17s
redis-replication-redis-sentinel-2 2/2 Running 0 3m59s
Once the cluster status becomes Running, your Redis cluster is ready for use.
If you are creating the cluster for the very first time, it may take some time to pull images before running.
KubeBlocks automatically creates a secret containing the Redis root credentials. Retrieve the credentials with the following commands:
kubectl get secrets -n demo redis-replication-redis-account-default -o jsonpath='{.data.password}' | base64 -d
custompassword
To connect to the cluster's primary node, use the Redis client with the custom password:
kubectl exec -it -n demo redis-replication-redis-0 -c redis -- reids-cli -a ${PASSWD}
To remove all created resources, delete the Redis cluster along with its namespace:
kubectl delete cluster redis-replication -n demo
kubectl delete secret custom-secret -n demo
kubectl delete ns demo
In this guide, you:
Using Kubernetes Secrets ensures secure credential management for your Redis clusters, while KubeBlocks simplifies the deployment and management process.