How to make a Redis cluster accessible from outside Kubernetes?

8/24/2018

I built a Redis cluster in Kubernetes. The Redis cluster was maliciously accessed inside Kubernetes, but when I tried to access the Redis cluster from outside Kubernetes, the following problem occurred: Redis can only read or write to the currently connected Redis. When I use cluster nodes to view the Redis cluster information, it is displayed correctly.

This is my statefulset.yaml

apiVersion: apps/v1beta1
kind: StatefulSet
metadata:
  name: redis-cluster-node
spec:
  serviceName: "redis-cluster-svc"
  replicas: 6
  template:
    metadata:
      labels:
        name: redis-cluster-node
        app: redis
    spec:
      hostNetwork: false
      dnsPolicy: ClusterFirstWithHostNet
      terminationGracePeriodSeconds: 10
      imagePullSecrets:
        - name: registrykey
      containers:
      - name: redis-cluster-node
        image: redis-cluster:latest
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 6380
        env:
        - name: MODE
          value: "cluster"
        # env values must be strings, so numeric values are quoted
        - name: REDIS_CLUSTER_REPLICAS
          value: "6"
        - name: LOG_LEVEL
          value: "0"
        - name: REDIS_PORT
          value: "6380"
        - name: MY_POD_IP
          valueFrom:
            fieldRef:
              fieldPath: status.podIP
        - name: MY_POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: MY_POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace

This is my service

apiVersion: v1
kind: Service
metadata:
  name: redis-cluster-svc-np
  labels:
    name: redis-cluster-svc-np
    app: redis
spec:
  ports:
  - port: 6380
    targetPort: 6380
    nodePort: 30079
  type: NodePort
  selector:
    name: redis-cluster-node 

Cluster internal access redis

Cluster external access redis

So, how can I make the Redis cluster accessible from outside Kubernetes as well?

-- Venurs
kubernetes
redis

1 Answer

8/25/2018

In your service manifest, change the type to LoadBalancer and add the loadBalancerSourceRanges field to restrict access to a certain set of IPs. CIDR notation is used for listing the IP address ranges.

apiVersion: v1
kind: Service
metadata:
  name: redis-cluster-svc-np
  labels:
    name: redis-cluster-svc-np
    app: redis
spec:
  ports:
  - port: 6380
    targetPort: 6380
    nodePort: 30079
  type: LoadBalancer
  selector:
    name: redis-cluster-node
  loadBalancerSourceRanges:
    - 100.100.100.100/32
    - 10.1.1.1/24

Make sure you add the cluster IP range so that Redis remains accessible from inside the cluster.

-- Shiva
Source: StackOverflow
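
A check for the allowlist in the answer above, as an added example that is not part of the original answer: it parses the loadBalancerSourceRanges entries with Python's ipaddress module, reports entries that have host bits set or are very broad, and verifies that a required network is covered. The function names, the size threshold and the pod network 10.244.0.0/16 are assumptions for illustration.

```python
import ipaddress

# Ranges copied from the answer's manifest.
ANSWER_RANGES = ["100.100.100.100/32", "10.1.1.1/24"]
# Assumed pod network (constructed value; use your cluster's real CIDR).
REQUIRED = [("pod network", "10.244.0.0/16")]


def audit_source_ranges(ranges, must_admit=(), max_addresses=65536):
    """Return (networks, findings) for a loadBalancerSourceRanges list."""
    networks, findings = [], []
    for entry in ranges:
        try:
            iface = ipaddress.ip_interface(entry)
        except ValueError:
            findings.append(f"{entry}: not a valid CIDR")
            continue
        net = iface.network
        networks.append(net)
        if iface.ip != net.network_address:
            findings.append(f"{entry}: host bits set, effective range is {net}")
        if net.prefixlen == 0:
            findings.append(f"{entry}: admits every address")
        elif net.num_addresses > max_addresses:
            findings.append(f"{entry}: admits {net.num_addresses} addresses")
    for label, cidr in must_admit:
        need = ipaddress.ip_network(cidr)
        covered = any(need.version == n.version and need.subnet_of(n) for n in networks)
        if not covered:
            findings.append(f"{label} {cidr}: not covered by any source range")
    return networks, findings


def is_admitted(networks, client_ip):
    """True if client_ip falls inside at least one allowed network."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in networks)


if __name__ == "__main__":
    nets, problems = audit_source_ranges(ANSWER_RANGES, REQUIRED)
    for p in problems:
        print("finding:", p)
    for addr in ("100.100.100.100", "10.1.1.200", "203.0.113.7"):
        print(addr, "admitted" if is_admitted(nets, addr) else "blocked")
```

The second range in the answer, 10.1.1.1/24, admits the whole 10.1.1.0/24 network rather than a single host, which the audit reports.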