1

I've successfully set up a password-protected redis cluster using the guide here:

http://kubernetes.io/v1.1/examples/redis/

I can connect to the sentinel just fine using redis-cli, but I cannot connect to the redis master/slave even though I have exposed the sentinels.

I'm using ruby and the following connection string.. Am I doing this wrong?

SENTINELS = [{host: "104.122.24.897", port: 26379}]

redis = Redis.new(url: "redis://mymaster", sentinels: SENTINELS, :role => :master, password: "longasspassword", timeout: 16)

The error I get is:

Error connecting to Redis on 10.64.7.33:6379 (Redis::TimeoutError) (Redis::CannotConnectError)`
Floern
  • 33,559
  • 24
  • 104
  • 119
sambehera
  • 959
  • 3
  • 13
  • 33
  • What's odd is your error is showing the default port, not the port you specified. Is it not listening to your configuration properly? – tadman Feb 12 '16 at 18:37
  • I think sentinels are supposed to just fwd to the redis master right? the port showing up is the redis master port I believe.. – sambehera Feb 12 '16 at 20:11
  • Good point. In that case maybe your sentinel is misconfigured? – tadman Feb 12 '16 at 20:49
  • No sentinels do not forward. Think of them as a lookup service. The client has to support sentinel lookups. – The Real Bill Feb 12 '16 at 22:49
  • my redis client supports sentinels -- just cannot figure out how to make it use them – sambehera Feb 13 '16 at 05:49
  • 1
    I think the issue is that sentinel is giving a local IP of 10.64.7.33 .. I have tried exposing the redis-master-slave service with a global IP and can connect to it with my password.. but I get the error `(error) READONLY You can't write against a read only slave.` when trying to write something. I can also not connect to master via redis sentinel – sambehera Feb 13 '16 at 22:30

1 Answers1

1

I eventually settled on using helm (https://helm.sh/) and installed redis-cluster using helm install redis-cluster.

I can connect to the redis cluster using the cluster_ip (not external ip) in kubernetes and this satisfies my security requirement. redis sentinel works out of the box with this approach.

sambehera
  • 959
  • 3
  • 13
  • 33