Redis Operator 使用随记

基于 OT-CONTAINER-KIT/redis-operator 项目，使用 Operator 在 Kubernetes 上部署 Redis。

安装 Operator

helm repo add ot-helm https://ot-container-kit.github.io/helm-charts/
helm upgrade redis-operator ot-helm/redis-operator \
  --install --create-namespace --namespace ot-operators

部署 Redis Standalone

cat <<EOF | kubectl apply -f -
apiVersion: redis.redis.opstreelabs.in/v1beta1
kind: Redis
metadata:
  name: redis-standalone
spec:
  kubernetesConfig:
    image: quay.io/opstree/redis:v7.0.15
    imagePullPolicy: IfNotPresent
    resources:
      requests:
        cpu: 101m
        memory: 128Mi
      limits:
        cpu: 101m
        memory: 128Mi
  storage:
    volumeClaimTemplate:
      spec:
        storageClassName: longhorn
        accessModes: ["ReadWriteOnce"]
        resources:
          requests:
            storage: 1Gi
  securityContext:
    runAsUser: 1000
    fsGroup: 1000
EOF

如果出现报错：

Can't open or create append-only dir appendonlydir: Permission denied

需要修改数据目录权限解决：

chown -R ubuntu:ubuntu /<path-to-redis-data-dir>

部署后就可以通过 redis-cli 工具连接：

root@rke2-cilium-01:~# kubectl exec -it redis-standalone-0 -- bash
redis-standalone-0:/data$ redis-cli
127.0.0.1:6379> info
# Server
redis_version:7.0.15
...

部署 Redis Cluster

cat <<EOF | kubectl apply -f -
apiVersion: redis.redis.opstreelabs.in/v1beta1
kind: RedisCluster
metadata:
  name: redis-cluster
spec:
  clusterSize: 1
  clusterVersion: v7
  securityContext:
    runAsUser: 1000
    fsGroup: 1000
  persistenceEnabled: true
  kubernetesConfig:
    image: quay.io/opstree/redis:v7.0.15
    imagePullPolicy: Always
    resources:
      requests:
        cpu: 101m
        memory: 128Mi
      limits:
        cpu: 101m
        memory: 128Mi
  storage:
    volumeClaimTemplate:
      spec:
        storageClassName: longhorn
        accessModes: ["ReadWriteOnce"]
        resources:
          requests:
            storage: 1Gi
EOF

部署 Redis Sentinel

cat <<EOF | kubectl apply -f -
apiVersion: redis.redis.opstreelabs.in/v1beta1
kind: RedisSentinel
metadata:
  name: redis-sentinel
spec:
  clusterSize: 1
  securityContext:
    runAsUser: 1000
    fsGroup: 1000
  redisSentinelConfig: 
    redisReplicationName : redis-replication
  kubernetesConfig:
    image: quay.io/opstree/redis-sentinel:v7.0.15
    imagePullPolicy: IfNotPresent
    resources:
      requests:
        cpu: 101m
        memory: 128Mi
      limits:
        cpu: 101m
        memory: 128Mi
EOF

配置 Auth

kubectl create secret generic redis-secret --from-literal=password=changeme

cat <<EOF | kubectl apply -f -
apiVersion: redis.redis.opstreelabs.in/v1beta1
kind: Redis
metadata:
  name: redis-standalone
spec:
  kubernetesConfig:
    image: quay.io/opstree/redis:v7.0.15
    imagePullPolicy: IfNotPresent
    resources:
      requests:
        cpu: 101m
        memory: 128Mi
      limits:
        cpu: 101m
        memory: 128Mi
    redisSecret:
      name: redis-secret
      key: password
  storage:
    volumeClaimTemplate:
      spec:
        storageClassName: longhorn
        accessModes: ["ReadWriteOnce"]
        resources:
          requests:
            storage: 1Gi
  securityContext:
    runAsUser: 1000
    fsGroup: 1000
EOF

可以看到需要密码认证后才能使用：

root@rke2-cilium-01:~# kubectl exec -it redis-standalone-0 -- redis-cli
127.0.0.1:6379> info
NOAUTH Authentication required.
127.0.0.1:6379> auth changeme
OK

添加额外配置

cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: ConfigMap
metadata:
  name: redis-external-config
data:
  redis-additional.conf: |
    tcp-keepalive 400
    slowlog-max-len 158
    stream-node-max-bytes 2048
EOF

cat <<EOF | kubectl apply -f -
apiVersion: redis.redis.opstreelabs.in/v1beta1
kind: Redis
metadata:
  name: redis-standalone
spec:
  redisConfig:
    additionalRedisConfig: redis-external-config
  kubernetesConfig:
    image: quay.io/opstree/redis:v7.0.15
    imagePullPolicy: IfNotPresent
    resources:
      requests:
        cpu: 101m
        memory: 128Mi
      limits:
        cpu: 101m
        memory: 128Mi
    redisSecret:
      name: redis-secret
      key: password
  storage:
    volumeClaimTemplate:
      spec:
        storageClassName: longhorn
        accessModes: ["ReadWriteOnce"]
        resources:
          requests:
            storage: 1Gi
  securityContext:
    runAsUser: 1000
    fsGroup: 1000
EOF