kubernetes - 如何在 helm 模板中为 redis 添加密码

Question

我已经描述了 redis 的 helm 模板”

apiVersion: apps/v1
kind: Deployment
metadata:
  name: "{{ .Values.rds.service.name }}"
  namespace: {{ .Values.environment.namespace }}
spec:
  selector:
    matchLabels:
      app: "{{ .Values.rds.service.name }}"
  template:
    metadata:
      labels:
        app: "{{ .Values.rds.service.name }}"
        component_type: "{{ .Values.component_type.name }}"
    spec:
      containers:
        - image: "{{ .Values.rds.docker.hub }}{{ .Values.rds.docker.image }}"
          name: "{{ .Values.rds.service.name }}"
          env:
            - name: REDIS_PASSWORD
              value: "9dtjger"
          ports:
            - containerPort: {{ toYaml .Values.rds.service.port | indent 5 }}
          resources:
            requests:
              memory: "{{ .Values.rds.resources.requests.memory }}"
              cpu: "{{ .Values.rds.resources.requests.cpu }}"
            limits:
              memory: "{{ .Values.rds.resources.limits.memory }}"
              cpu: "{{ .Values.rds.resources.limits.cpu }}"

---
apiVersion: v1
kind: Service
metadata:
  name: "{{ .Values.rds.service.name }}"
  namespace: "{{ .Values.environment.namespace }}"
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
    service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "3600"
    service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true"
    service.beta.kubernetes.io/aws-load-balancer-internal: "true"
    service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: '*'
    service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
    service.beta.kubernetes.io/aws-load-balancer-additional-resource-tags: Department=sre,Team=engage-devops,Environment=ev-lab
    external-dns.alpha.kubernetes.io/hostname: {{ .Values.rds.service.name }}.{{ .Values.environment.namespace }}.lab.engage.ringcentral.com
spec:
  ports:
    - protocol: TCP
      port: {{ toYaml .Values.rds.service.port | indent 5 }}
  selector:
    app: "{{ .Values.rds.service.name }}"
  type: LoadBalancer

然后我通过 kubectl apply 部署了它:

kubectl -n mybanespace describe pod rds-5b6996bf-m6pbr 
Name:           rds-5b6996bf-m6pbr
Namespace:      okta-cc-6
Priority:       0
Node:           ip-10-8-29-49.eu-central-1.compute.internal/10.8.29.49
Start Time:     Mon, 03 Aug 2020 21:55:09 +0300
Labels:         app=rds
                component_type=evt
                pod-template-hash=5b6996bf
Annotations:    kubernetes.io/psp: eks.privileged
Status:         Running
IP:             10.8.29.39
IPs:            <none>
Controlled By:  ReplicaSet/rds-5b6996bf
Containers:
  rds:
    Container ID:   docker://3be73237324f8ba8c0a38420fceffcee65eb386e93afd8efa309212527761c74
    Image:          redis:6.0.6
    Image ID:       docker-pullable://redis@sha256:d86d6739fab2eaf590cfa51eccf1e9779677bd2502894579bcf3f80cb37b18d4
    Port:           6379/TCP
    Host Port:      0/TCP
    State:          Running
      Started:      Mon, 03 Aug 2020 21:55:14 +0300
    Ready:          True
    Restart Count:  0
    Limits:
      cpu:     40m
      memory:  100Mi
    Requests:
      cpu:     2m
      memory:  10Mi
    Environment:
      REDIS_PASSWORD:  9dtjger
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-78c7b (ro)

当我尝试使用密码连接到 Redis 时，如果我没有密码连接，我会收到错误消息 'Warning: AUTH failed' - connection successful。我不知道为什么密码在我使用时不起作用:

env:
   - name: REDIS_PASSWORD
     value: "9dtjger"

在本地 docker-compose 中，没有密码我无法连接。

如何在 Kubernetes 中为 Redis 设置密码？

Answer 1

您没有指定如何安装 Redis❓(Which Helm Chart)。基本上添加 --requirepass ${REDIS_PASSWORD}" 和 --masterauth ${REDIS_PASSWORD}" 应该做👌。

例如，如果您使用了 Bitnami Helm 图表，则可以使用 usePassword范围。然后在模板中，它被使用 here .

✌️<​​/p>