Redis Operator

A Juju charm deploying and managing Redis on Kubernetes.

Overview

The Redis operator provides in-memory data structure store, used as a database, cache, and message broker. This repository contains a Juju Charm for deploying Redis on Kubernetes clusters.

Usage

To deploy this charm using Juju 2.9.0 or later, run:

juju deploy redis-k8s --channel edge

Once Redis starts up it will be running on its default port, 6379. To check it you run:

juju status

To discover the IP Redis is running behind. The output will have lines like:

Unit          Workload  Agent  Address     Ports  Message
redis-k8s/0*  active    idle   10.1.31.23

To retrieve the password to access the database, use the get-initial-admin-password action:

juju run-action redis-k8s/0 get-initial-admin-password --wait

Then, from your local machine, you can:

redis-cli -h 10.1.31.23 -a <password> PING

Enabling TLS encryption

The charm has Redis TLS support. Three resources are needed:

ca-cert-file: CA certificate
cert-file: X.509 certificate
key-file: private key

User provided files are accepted. Alternatively, the testing script located on tests/gen-test-certs.sh can be used to generate the certificates:

# The script will create tests/tls/ folders and place the files there.
./gen-tesst-certs.sh

To attach generated files as resources:

juju attach-resource redis-k8s ca-cert-file=tests/tls/ca.crt
juju attach-resource redis-k8s cert-file=tests/tls/redis.crt
juju attach-resource redis-k8s key-file=tests/tls/redis.key

After attaching the files, enable TLS with:

juju config redis-k8s enable-tls=true

Once the application is on an active|idle status, you can test connection from your local machine:

redis-cli -h <host> -a <password> --tls --cacert ./tests/tls/ca.crt PING

Docs

Docs can be found at https://charmhub.io/redis-k8s/docs?channel=edge

Libraries