"Setup Redis Cluster with JSON and Search Modules on AKS with Binami Redis Using Custom Image" is explained in the prevous post. We can use redis insight to connect to redis cluster on AKS to explore data and add or update data. Let's look at how we can setup redis insight on AKS in this post.
The expectation is to have redis insight connected to redis clsuter on aks as shown below.
We have to deploy the redis insight as a stateful set to avoid issues in pod resceduling. Here is the full yaml used to deploy redis insight on AKS and it contains how to connect the deployed redis cluster which we can discuss in detail later in this post.
apiVersion: apps/v1 kind: StatefulSet metadata: name: redis-insight #deployment name namespace: redis labels: app: redis-insight #deployment label spec: serviceName: redis-insight-headless # required for StatefulSet replicas: 1 #a single replica pod selector: matchLabels: app: redis-insight #which pods is the deployment managing, as defined by the pod template template: #pod template metadata: labels: app: redis-insight #label for pod/s spec: nodeSelector: "kubernetes.io/os": linux # ------------------ # inti container is required to set permisions for volume mount initContainers: - name: volume-init image: busybox command: ["sh", "-c", "chown 1000:1000 /data && chmod 770 /data"] volumeMounts: - name: redis-insight-volume mountPath: /data # ------------------ containers: - name: redis-insight #Container name (DNS_LABEL, unique) image: redis/redisinsight:2.70.0-amd64 # https://hub.docker.com/r/redis/redisinsight/tags imagePullPolicy: IfNotPresent #Installs the latest Redis Insight version securityContext: runAsUser: 1000 runAsGroup: 1000 volumeMounts: - name: redis-insight-volume #Pod volumes to mount into the container's filesystem. Cannot be updated. mountPath: /data env: # - name: RI_REDIS_HOST_0 # value: redis-cluster.redis.svc.cluster.local # parameterize for pipeline # - name: RI_REDIS_PASSWORD_0 # set proper password created via terraform # value: my_reds_password # ${redis_password}$ # - name: RI_REDIS_HOST_1 # value: redis-standalone-master.redis-dev.svc.cluster.local # parameterize for pipeline # - name: RI_REDIS_PASSWORD_1 # set proper password created via terraform # value: my_reds_password # ${redis_password}$ - name: RI_REDIS_HOST value: "${redis_aks_route}$" - name: RI_REDIS_PASSWORD value: "${redis_password}$" - name: RI_REDIS_PORT value: "6379" ports: - containerPort: 5540 #exposed container port and protocol protocol: TCP livenessProbe: # Probe to check container health httpGet: path: /healthcheck/ # exposed RI endpoint for healthcheck port: 5540 # exposed container port initialDelaySeconds: 5 # number of seconds to wait after the container starts to perform liveness probe periodSeconds: 5 # period in seconds after which liveness probe is performed failureThreshold: 1 # number of liveness probe failures after which container restarts resources: requests: cpu: 500m memory: 2Gi limits: memory: 2Gi volumeClaimTemplates: - metadata: name: redis-insight-volume spec: accessModes: - ReadWriteOnce storageClassName: redis-storage resources: requests: storage: 1Gi # Headless service required for StatefulSet
# StatefulSets require a stable network identity for each pod because pods may be restarted,# rescheduled, or scaled, but you still want each pod to have a predictable DNS name.--- apiVersion: v1 kind: Service metadata: name: redis-insight-headless namespace: redis spec: clusterIP: None selector: app: redis-insight ports: - name: redis-insight port: 5540 # Load balancer service for redis insight for local access --- apiVersion: v1 kind: Service metadata: name: redis-insight-lb namespace: redis labels: app.kubernetes.io/name: redis-cluster app.kubernetes.io/component: redis annotations: # service.beta.kubernetes.io/azure-load-balancer-ipv4: #{redis_insight_public_ip}# replace # with $ # service.beta.kubernetes.io/azure-load-balancer-internal: "false" # --------------- # Private IP can be used only with VPN. Therefore, above public IP can be used if VPN is not available. # --------------- service.beta.kubernetes.io/azure-load-balancer-ipv4: ${private_ip_redis_insight}$ service.beta.kubernetes.io/azure-load-balancer-internal: "true" # --------------- spec: type: LoadBalancer selector: app: redis-insight ports: - name: redis-insight protocol: TCP port: 80 # exposed port for redis insight by load balancer targetPort: 5540 # port on which redis insight is running in the container
Lets try to understand above deployment yaml.
First section of the stateful set specify names labels and where to schedule pod, it should be on linux node.
apiVersion: apps/v1 kind: StatefulSet metadata: name: redis-insight #deployment name namespace: redis labels: app: redis-insight #deployment label spec: serviceName: redis-insight-headless replicas: 1 selector: matchLabels: app: redis-insight template: metadata: labels: app: redis-insight spec: nodeSelector: "kubernetes.io/os": linux
Then th init container part below is a must. It is setting up the permissions for the running user for the volume mount. If not set the redis insight pod access the volume attached.
# ------------------ # inti container is required to set permisions for volume mount initContainers: - name: volume-init image: busybox command: ["sh", "-c", "chown 1000:1000 /data && chmod 770 /data"] volumeMounts: - name: redis-insight-volume mountPath: /data # ------------------
In the container specification we set the image to use. The user is set as none root user. and volume mount is defined.
containers: - name: redis-insight #Container name (DNS_LABEL, unique) image: redis/redisinsight:2.70.0-amd64 # https://hub.docker.com/r/redis/redisinsight/tags imagePullPolicy: IfNotPresent #Installs the latest Redis Insight version securityContext: runAsUser: 1000 runAsGroup: 1000 volumeMounts: - name: redis-insight-volume #Pod volumes to mount into the container's filesystem. Cannot be updated. mountPath: /data
The environment variable section allows to setup the conectivity to the Redis cluster deployed to AKS. If there are mutiple redis clsuters deployed to multiplle namespaces in AKS then they can also be connected to a single instance of redis insight using the RI_REDIS_HOST_0 pattern with suffix index.
The route here for redis cluster deployed to AKS would be redis-cluster.redis.svc.cluster.local if the redis cluster is deployed in namespace redis. The password should be set with actual password value. We can use Azure pipeline replace token task to replace tokens such as ${redis_aks_route}$ in this yaml.
env: # - name: RI_REDIS_HOST_0 # value: redis-cluster.redis.svc.cluster.local # parameterize for pipeline # - name: RI_REDIS_PASSWORD_0 # set proper password created via terraform # value: my_reds_password # ${redis_password}$ # - name: RI_REDIS_HOST_1 # value: redis-standalone-master.redis-dev.svc.cluster.local # parameterize for pipeline # - name: RI_REDIS_PASSWORD_1 # set proper password created via terraform # value: my_reds_password # ${redis_password}$ - name: RI_REDIS_HOST value: "${redis_aks_route}$" - name: RI_REDIS_PASSWORD value: "${redis_password}$" - name: RI_REDIS_PORT value: "6379"
Then we have the resource setup for redis insight and we are exposing redis insight via port 5540. Resources such as memeory and CPU should be monitored and fine tuned based on usage. Liveness probe isuseful here to ensure the redis insigh keep running healthily. Volume claim template uses the same redis storage class we defined as described in the "Setup Redis Cluster with JSON and Search Modules on AKS with Binami Redis Using Custom Image".
ports: - containerPort: 5540 #exposed container port and protocol protocol: TCP livenessProbe: # Probe to check container health httpGet: path: /healthcheck/ # exposed RI endpoint for healthcheck port: 5540 # exposed container port initialDelaySeconds: 5 # number of seconds to wait after the container starts to perform liveness probe periodSeconds: 5 # period in seconds after which liveness probe is performed failureThreshold: 1 # number of liveness probe failures after which container restarts resources: requests: cpu: 500m memory: 2Gi limits: memory: 2Gi volumeClaimTemplates: - metadata: name: redis-insight-volume spec: accessModes: - ReadWriteOnce storageClassName: redis-storage resources: requests: storage: 1Gi
The headless service is required as described in below comment to have stable connectivity with stateful set.
# Headless service required for StatefulSet# StatefulSets require a stable network identity for each pod because pods may be restarted,# rescheduled, or scaled, but you still want each pod to have a predictable DNS name.--- apiVersion: v1 kind: Service metadata: name: redis-insight-headless namespace: redis spec: clusterIP: None selector: app: redis-insight ports: - name: redis-insight port: 5540
To expose the redis insigh deployed in AKS we have to use a load balancer as shown below. If VPN connectiivity is setup with Azure then you can use a private IP and expose the redis insight. Else it is possible to use a public IP and setup load balancer.
# Load balancer service for redis insight for local access --- apiVersion: v1 kind: Service metadata: name: redis-insight-lb namespace: redis labels: app.kubernetes.io/name: redis-cluster app.kubernetes.io/component: redis annotations: # service.beta.kubernetes.io/azure-load-balancer-ipv4: #{redis_insight_public_ip}# replace # with $ # service.beta.kubernetes.io/azure-load-balancer-internal: "false" # --------------- # Private IP can be used only with VPN. Therefore, above public IP can be used if VPN is not available. # --------------- service.beta.kubernetes.io/azure-load-balancer-ipv4: ${private_ip_redis_insight}$ service.beta.kubernetes.io/azure-load-balancer-internal: "true" # --------------- spec: type: LoadBalancer selector: app: redis-insight ports: - name: redis-insight protocol: TCP port: 80 # exposed port for redis insight by load balancer targetPort: 5540 # port on which redis insight is running in the container
Once deployed you can see the redis insight pod is running. A healess service loa balancer for redis insight alsow deployed for the stateful set.
Once created we can access the redis insight via a browser and see our clsuter is added to the redis insight.
Clicking on cluster name alias will connect automatically as the password is alraeady setup via env variable for the redis insight pod. You can see all modules are avaialbe once connected.
You can use various options in redis insight such as work bench and query facilities to view or add/update redis data.
No comments:
Post a Comment