2

I am trying to learn docker and kubernetes and one of the things I am trying to do is setup Redis with Sentinel and expose redis to things outside the container.

Getting redis and sentinel setup was pretty easy following https://github.com/kubernetes/kubernetes/tree/master/examples/storage/redis

But now my next desire is to be able to access redis outside the container and I can't figure out who to expose sentinel and the master pod.

Josh
  • 1,058
  • 9
  • 27

1 Answers1

1

The redis sentinel service file from your link (https://github.com/kubernetes/kubernetes/blob/master/examples/storage/redis/redis-sentinel-service.yaml) will expose the pods within the cluster. For external access (from outside your cluster) you can use a NodePort:

apiVersion: v1
kind: Service
metadata:
  labels:
    name: sentinel
    role: service
  name: redis-sentinel
spec:
  type: NodePort
  ports:
    - port: 26379
      targetPort: 26379
      nodePort: 30369
  selector:
    redis-sentinel: "true"

This would expose the port 30369 on all your hosts from the outside world to the redis sentinel service.

Several remarks on this: * Firewall: Security in redis is limited, so prevent unwanted access before opening the port * The allowed to be assigned nodePort range is from 30000 to 32767, so be creative with this limitation.

Norbert
  • 6,026
  • 3
  • 17
  • 40
  • 2
    Norbert thanks for the answer. My next question may not apply to redis sentinel but I believe it does. Won't sentinel return the IP of the pod instead of service if something was to change? I noticed this when trying to setup redis cluster and expose every pod with a service that it would return the pod ip instead of the service ip making it impossible/difficult/beyond my knowledge to use with kubernetes. Is there a way to get it working for that situation also? (Thinking about Redis cluster and things like Cassandra or Kafka) This may need a separate question – Josh Jan 02 '17 at 21:47
  • 1
    I actually run redis in kubernetes without sentinel: If redis is running as process 1 in the container (which it is when you use these containers), kubernetes does the job of sentinel (IMHO) for you already. – Norbert Jan 02 '17 at 22:56
  • 1
    Ever find a solution for the sentinel's returning back the redis master ClusterIP which is inaccessible outside of the cluster? – afreeland Mar 15 '18 at 02:02
  • were you able to get a work around on it ? I am facing similar issue – rajatsaurastri May 19 '20 at 14:02
  • We have abandoned redis in favour of aerospike. There are many failures in the redis HA part: It is for example not resistent to IP address failures leading. The aerospike setup is better: It manages to survive the dynamic behaviour of k8s much better – Norbert May 19 '20 at 15:43