Grey Matter uses Redis to persist the state of the mesh. In a production deployment, we recommend using a managed Redis instance. This guide walks you through the steps required to connect Grey Matter to an AWS ElastiCache Redis cluster.
We want to limit access to the Redis cluster to only the services running in the EKS cluster. To do this, get the security group ID for the AWS EKS nodes. Once you have identified it, create a new security group and allow access on TCP port 6379 with a source of the security group ID found earlier.
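To confirm the rule described above is scoped as intended, the following added example (not part of the Grey Matter documentation) audits the `IpPermissions` of a security group in the shape returned by `aws ec2 describe-security-groups`. The function name, security group IDs and sample rules are constructed for illustration.

```python
REDIS_PORT = 6379
EKS_NODE_SG = "sg-0aaa1111bbbb2222c"  # constructed id standing in for the EKS node group

def audit_redis_ingress(sg, allowed_sg, port=REDIS_PORT):
    """Return findings for ingress rules that expose `port` to anything other
    than `allowed_sg`; an empty list means the group is scoped as intended."""
    findings, allowed_seen = [], False
    for rule in sg.get("IpPermissions", []):
        proto = rule.get("IpProtocol")
        lo, hi = rule.get("FromPort"), rule.get("ToPort")
        if proto == "-1":            # all protocols, all ports: no port range is set
            findings.append("all-protocol rule also exposes tcp/%d" % port)
        elif proto == "tcp" and lo is not None and lo <= port <= hi:
            if (lo, hi) != (port, port):
                findings.append("port range %d-%d is wider than tcp/%d" % (lo, hi, port))
        else:
            continue                 # rule does not cover the Redis port
        # Any CIDR or prefix-list source bypasses the "EKS nodes only" intent.
        sources = ([r["CidrIp"] for r in rule.get("IpRanges", [])]
                   + [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
                   + [r["PrefixListId"] for r in rule.get("PrefixListIds", [])])
        findings += ["non-group source %s can reach tcp/%d" % (s, port) for s in sources]
        for pair in rule.get("UserIdGroupPairs", []):
            if pair.get("GroupId") == allowed_sg:
                allowed_seen = True
            else:
                findings.append("unexpected source group %s" % pair.get("GroupId"))
    if not allowed_seen:
        findings.append("%s has no ingress on tcp/%d" % (allowed_sg, port))
    return findings

# Constructed samples, each shaped like one entry of "SecurityGroups".
GOOD_SG = {"GroupId": "sg-0ccc3333dddd4444e", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 6379, "ToPort": 6379, "IpRanges": [],
     "UserIdGroupPairs": [{"GroupId": EKS_NODE_SG}]}]}
BAD_SG = {"GroupId": "sg-0eee5555ffff6666a", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 6379, "ToPort": 6379,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
    {"IpProtocol": "-1", "IpRanges": [],
     "UserIdGroupPairs": [{"GroupId": "sg-0bbb7777aaaa8888b"}]}]}

if __name__ == "__main__":
    for sg in (GOOD_SG, BAD_SG):
        print(sg["GroupId"], audit_redis_ingress(sg, EKS_NODE_SG) or "OK")
```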
Follow these instructions to deploy a new AWS ElastiCache Redis instance. Select the Redis settings that match your desired deployment. When selecting a security group be sure to select the security group created in the previous step.
The Grey Matter Control API and Catalog services are capable of persisting to Redis. Once the AWS ElastiCache Redis is deployed, we can configure Grey Matter to use the ElastiCache Redis by updating the following variables:
global.external_redis.host: the DNS of the AWS ElastiCache Redis node
global.external_redis.disabled: set to false to not deploy a local Redis pod
If you enabled TLS on Redis, or added a default user password, you will need to provide the following settings in your
external_redis:
  disabled: false
  host: '<DNS name>'
  port: '6379'
  use_tls: false
  ca_cert_path: ''
  server_cert_path: ''
  server_key_path: ''
  pass: ''
  control_api_db: 0
  catalog_db: 1
  max_retries: 50
  retry_delay: '5s'
Grey Matter can now be deployed with the standard installation procedures.
You can verify that Grey Matter is successfully communicating with AWS ElastiCache Redis. Follow the steps below for verification:
Open an exec session to the JWT Redis instance, because it has the
kubectl exec -it jwt-redis-XXX -- sh
From that pod, run the following commands and verify that the following keys are present
redis-cli -h <dns of the Redis cluster>
> keys *
1) "control-api-image"
2) "catalog-versionID"
3) "catalog-zones"
4) "control-api-versionID"