Store Redis Enterprise configuration items in Kubernetes Secrets for automatic updates and secure management.
| Redis Enterprise for Kubernetes |
|---|
You can store Redis Enterprise configuration items in Kubernetes Secrets for automatic updates and secure management. When you update these Secrets, the operator immediately reads the changes and propagates them to the Redis Enterprise Cluster (REC).
Redis Enterprise clusters require a valid license. You can apply licenses using Kubernetes Secrets (recommended) or embed them directly in the cluster specification.
To configure licensing, you need your Redis Enterprise cluster's fully qualified domain name (FQDN). Use this format: <REC-name>.<namespace>.svc.cluster.local
For example: my-rec.my-ns.svc.cluster.local
Create a secret from your license file:
kubectl -n <namespace> create secret generic rec-license --from-file=license=./license.txt
Add the secret reference to your REC specification:
spec:licenseSecretName:rec-licenseAlternatively, you can embed the license directly in the REC YAML:
spec:nodes:3license:| ----- LICENSE START -----
eai14c/y6XNVykffDQSPUsHKcmpgOFUlmyTBDUEZEz+GLbXAgQFOmxcdbR9J
...remaining license key content...
----- LICENSE END -----|) after license: and maintain proper indentation.You can store TLS certificates in Kubernetes Secrets to secure communication between clients and Redis Enterprise databases.
Create a secret with your client certificate:
kubectl -n <namespace> create secret generic client-cert-secret --from-file=cert=<path-to-cert>
Add the secret to your REDB using the clientAuthenticationCertificates property. See Add client certificates for details.
To configure certificates for proxy, API, or other services, create secrets with certificate and key files:
kubectl create secret generic <secret-name> \
--from-file=certificate=</PATH/TO/certificate.pem> \
--from-file=key=</PATH/TO/key.pem> \
--from-literal=name=<proxy | api | cm | syncer | metrics_exporter>
--from-file to avoid manual base64 encoding.