Command를 통해 Redis ACL 설정하여 배포 + PVC 설정 #
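---
# Single-replica Redis Deployment. Credentials are read from the "redis-credentials"
# Secret and /data is backed by the "redis-pvc" PersistentVolumeClaim.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: redis
  namespace: redis-namespace
spec:
  replicas: 1
  selector:
    matchLabels:
      app: redis
  template:
    metadata:
      labels:
        app: redis
    spec:
      containers:
        - name: redis
          # NOTE(review): "latest" is a floating tag, so the image can change between pod
          # restarts; pin a specific tag or digest for reproducible, auditable rollouts.
          image: redis:latest
          ports:
            - containerPort: 6379
          # "command" replaces the image's own entrypoint with a plain shell.
          # NOTE(review): confirm which user redis-server runs as in this setup and add a
          # securityContext if it turns out to be root.
          command:
            - sh
            - '-c'
          # The script does two things:
          #   1. Background job: waits 15 seconds, authenticates as the default user and
          #      creates/updates $REDIS_USERNAME with every command on every key.
          #   2. Foreground: starts redis-server with the default user's password set.
          # The password reaches redis-cli through REDISCLI_AUTH instead of "-a", so it is
          # not on the redis-cli command line, and every expansion is quoted so that
          # credentials containing spaces or shell metacharacters are passed intact.
          # NOTE(review): "--requirepass" still places the password in redis-server's
          # argument list; a mounted configuration file avoids that.
          # NOTE(review): the fixed 15 second wait is a race. If the server is not ready
          # in time, the user is never created and nothing retries.
          # NOTE(review): "+@all ~*" makes the application account a full administrator;
          # grant only the command categories and key patterns the client needs.
          args:
            - |-
              nohup sh -c '
                sleep 15 &&
                REDISCLI_AUTH="$REDIS_PASSWORD" redis-cli ACL SETUSER "$REDIS_USERNAME" \
                  on +@all "~*" ">$REDIS_PASSWORD"
              ' &
              redis-server --requirepass "$REDIS_PASSWORD"
          env:
            - name: REDIS_USERNAME
              valueFrom:
                secretKeyRef:
                  name: redis-credentials
                  key: REDIS_USERNAME
            - name: REDIS_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: redis-credentials
                  key: REDIS_PASSWORD
          volumeMounts:
            - name: redis-data
              mountPath: /data
      volumes:
        # A PersistentVolumeClaim is namespaced: "redis-pvc" has to exist in
        # redis-namespace for this pod to start.
        - name: redis-data
          persistentVolumeClaim:
            claimName: redis-pvc

데이터 보존을 위한 PVC 생성 #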
Persistent Volume 생성 #
---
# Node-local PersistentVolume that holds the Redis data directory.
apiVersion: v1
kind: PersistentVolume
metadata:
  name: redis-pv
spec:
  # hostPath stores the data in a directory on the node's own filesystem.
  # NOTE(review): the data is tied to one node and readable by anything with access to
  # that path on the node; this suits single-node test clusters rather than production.
  hostPath:
    path: /mnt/data/redis
  # Retain: the volume and its data are kept when the claim is deleted.
  persistentVolumeReclaimPolicy: Retain
  accessModes: [ReadWriteOnce]
  capacity:
    storage: 5Gi

Persistent Volume Claim 생성 #
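---
# Claim for 5Gi of ReadWriteOnce storage, referenced as "redis-pvc" by the Redis Deployment.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: redis-pvc
  # A claim can only be used by pods in its own namespace. The Deployments that mount
  # this claim live in redis-namespace, so the claim is created there explicitly instead
  # of in whatever namespace happens to be current at apply time.
  namespace: redis-namespace
spec:
  # NOTE(review): no storageClassName is set. On a cluster with a default StorageClass
  # this claim may be provisioned dynamically instead of binding to a pre-created
  # volume; verify which volume it binds to.
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi

Secret 설정 #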
---
# Credentials consumed by the Redis Deployment through secretKeyRef.
apiVersion: v1
kind: Secret
type: Opaque
metadata:
  namespace: redis-namespace
  name: redis-credentials
data:
  # Values under "data" are base64-encoded (user name and password). base64 is an
  # encoding, not encryption: anyone who can read this manifest can recover them.
  # NOTE(review): these are sample values. Replace them with a strong, generated
  # password and keep the real manifest out of version control.
  REDIS_USERNAME: "YWRtaW4="  # base64 encoding of "admin"
  REDIS_PASSWORD: "MTIzNQ=="  # base64 encoding of "1235"

Redis ACL 설정을 ConfigMap을 통해 Redis 배포 #
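---
# Redis Deployment that loads its users from an ACL file supplied by the
# "redis-acl-config" ConfigMap.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: redis
  namespace: redis-namespace
spec:
  replicas: 1
  selector:
    matchLabels:
      app: redis
  template:
    metadata:
      labels:
        app: redis
    spec:
      containers:
        - name: redis
          # NOTE(review): "latest" is a floating tag, so the image can change between pod
          # restarts; pin a specific tag or digest for reproducible, auditable rollouts.
          image: redis:latest
          ports:
            - containerPort: 6379
          command:
            - "redis-server"
            - "--aclfile"
            # Path of the ACL file inside the container; it must match the mount below.
            - "/etc/redis/redis.acl"
          volumeMounts:
            - name: redis-acl-config
              # With subPath, mountPath is the path of the mounted file itself. Mounting
              # at /etc/redis would place the file at that path, and the
              # /etc/redis/redis.acl given to --aclfile would not exist.
              mountPath: /etc/redis/redis.acl
              subPath: redis.acl
      volumes:
        # NOTE(review): the ACL file carries user passwords, and a ConfigMap is not meant
        # for confidential data; a Secret-backed volume is the better source for it.
        # NOTE(review): a subPath mount does not follow later ConfigMap updates, so
        # changed ACL rules only take effect after the pod is restarted.
        - name: redis-acl-config
          configMap:
            name: redis-acl-config

ConfigMap 설정 #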
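---
# ACL file for redis-server, mounted into the pod as redis.acl.
apiVersion: v1
kind: ConfigMap
metadata:
  name: redis-acl-config
  namespace: redis-namespace
data:
  # Everything under "redis.acl: |" becomes the literal content of the ACL file, so it
  # holds "user" rules only. The page lists three alternative rule sets; separator words
  # between them are not ACL rules, and Redis is expected to reject a file that defines
  # the same user name more than once. Alternative 1 is active below and the other two
  # are kept here for reference. Use exactly one of them.
  #
  # Alternative 1 (active): default account without a password, admin account with one.
  # NOTE(review): "nopass" together with "~* +@all" lets any client that can reach the
  # port act as a full administrator without authenticating; give the default user a
  # password or restrict it before using this outside a test environment.
  #
  # Alternative 2: read-only access to all keys.
  #   user default on >password allkeys +@read
  #
  # Alternative 3: administrator account, a read-only user account and a user with
  # administrator rights.
  #   user default on +@all
  #   user myuser on >password +@read
  #   user admin on >adminpassword +@all
  # NOTE(review): in alternative 3 "default" has neither a password nor "nopass", and
  # "myuser" has no key pattern; verify that these rules allow what is intended.
  #
  # "password" and "adminpassword" are placeholders. ACL rules also accept a SHA-256
  # hash written as "#<hex digest>" in place of ">cleartext".
  redis.acl: |
    user default on nopass ~* +@all
    user admin on >password ~* +@all

ACL, Redis 설정 관련 ConfigMap을 통해 Command로 배포 #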
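---
# Redis Deployment that combines a redis.conf and an ACL file (both from ConfigMaps),
# credentials from the "redis-credentials" Secret and persistent storage on "redis-pvc".
apiVersion: apps/v1
kind: Deployment
metadata:
  name: redis
  namespace: redis-namespace
spec:
  replicas: 1
  selector:
    matchLabels:
      app: redis
  template:
    metadata:
      labels:
        app: redis
    spec:
      containers:
        - name: redis
          # NOTE(review): "latest" is a floating tag, so the image can change between pod
          # restarts; pin a specific tag or digest for reproducible, auditable rollouts.
          image: redis:latest
          ports:
            - containerPort: 6379
          # "command" replaces the image's own entrypoint with a plain shell.
          # NOTE(review): confirm which user redis-server runs as in this setup and add a
          # securityContext if it turns out to be root.
          command:
            - sh
            - '-c'
          # The script does two things:
          #   1. Background job: waits 15 seconds, authenticates as the default user and
          #      creates/updates $REDIS_USERNAME with every command on every key.
          #   2. Foreground: starts redis-server with the mounted redis.conf, the ACL
          #      file and the default user's password.
          # The password reaches redis-cli through REDISCLI_AUTH instead of "-a", so it is
          # not on the redis-cli command line, and every expansion is quoted so that
          # credentials containing spaces or shell metacharacters are passed intact.
          # NOTE(review): "--requirepass" still places the password in redis-server's
          # argument list; setting it in the mounted configuration avoids that.
          # NOTE(review): when an ACL file is loaded, the default user's credentials may
          # come from that file rather than from --requirepass; verify which one applies.
          # NOTE(review): the fixed 15 second wait is a race. If the server is not ready
          # in time, the user is never created and nothing retries.
          args:
            - |-
              nohup sh -c '
                sleep 15 &&
                REDISCLI_AUTH="$REDIS_PASSWORD" redis-cli ACL SETUSER "$REDIS_USERNAME" \
                  on +@all "~*" ">$REDIS_PASSWORD"
              ' &
              redis-server /etc/redis/redis.conf --aclfile /etc/redis/redis.acl --requirepass "$REDIS_PASSWORD"
          env:
            - name: REDIS_USERNAME
              valueFrom:
                secretKeyRef:
                  name: redis-credentials
                  key: REDIS_USERNAME
            - name: REDIS_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: redis-credentials
                  key: REDIS_PASSWORD
          volumeMounts:
            - name: redis-data
              mountPath: /data
            # With subPath, mountPath is the path of the mounted file itself, and every
            # mountPath in a container has to be unique. Each file therefore gets its own
            # full path instead of both mounts pointing at /etc/redis.
            - name: redis-acl-config
              mountPath: /etc/redis/redis.acl
              subPath: redis.acl
            - name: redis-config
              mountPath: /etc/redis/redis.conf
              subPath: redis.conf
      volumes:
        # A PersistentVolumeClaim is namespaced: "redis-pvc" has to exist in
        # redis-namespace for this pod to start.
        - name: redis-data
          persistentVolumeClaim:
            claimName: redis-pvc
        # NOTE(review): the ACL file carries user passwords, and a ConfigMap is not meant
        # for confidential data; a Secret-backed volume is the better source for it.
        - name: redis-acl-config
          configMap:
            name: redis-acl-config
        - name: redis-config
          configMap:
            name: redis-config

Redis ConfigMap 설정 #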
---
# redis.conf for the Redis Deployment, mounted into the pod from this ConfigMap.
apiVersion: v1
kind: ConfigMap
metadata:
  namespace: redis-namespace
  name: redis-config
data:
  # The block below is the literal file content, comments included:
  #   - three "save" thresholds for RDB snapshots,
  #   - the append-only file enabled with an fsync every second,
  #   - the ACL file path. The in-file note says that when the path is not set here,
  #     it is passed on the server command line instead.
  # NOTE(review): this file sets no password or network restriction of its own, so
  # access control rests entirely on the referenced ACL file.
  redis.conf: |
    # Redis의 기본 설정 예시
    save 900 1
    save 300 10
    save 60 10000

    appendonly yes
    appendfsync everysec

    # 아래와 같이 ACL 파일 경로 설정하지 않는다면 command에서 실행
    aclfile /etc/redis/redis.acl

Redis ACL ConfigMap 설정 #
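---
# ACL file for redis-server, mounted into the pod as redis.acl.
apiVersion: v1
kind: ConfigMap
metadata:
  name: redis-acl-config
  namespace: redis-namespace
data:
  # Everything under "redis.acl: |" becomes the literal content of the ACL file, so it
  # holds "user" rules only. The page lists three alternative rule sets; separator words
  # between them are not ACL rules, and Redis is expected to reject a file that defines
  # the same user name more than once. Alternative 1 is active below and the other two
  # are kept here for reference. Use exactly one of them.
  #
  # Alternative 1 (active): default account without a password, admin account with one.
  # NOTE(review): "nopass" together with "~* +@all" lets any client that can reach the
  # port act as a full administrator without authenticating; give the default user a
  # password or restrict it before using this outside a test environment.
  #
  # Alternative 2: read-only access to all keys.
  #   user default on >password allkeys +@read
  #
  # Alternative 3: administrator account, a read-only user account and a user with
  # administrator rights.
  #   user default on +@all
  #   user myuser on >password +@read
  #   user admin on >adminpassword +@all
  # NOTE(review): in alternative 3 "default" has neither a password nor "nopass", and
  # "myuser" has no key pattern; verify that these rules allow what is intended.
  #
  # "password" and "adminpassword" are placeholders. ACL rules also accept a SHA-256
  # hash written as "#<hex digest>" in place of ">cleartext".
  redis.acl: |
    user default on nopass ~* +@all
    user admin on >password ~* +@all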