Using ElastiCache Redis

Grey Matter uses Redis to persist data covering the state of the mesh. In a production deployment, we recommend using a managed Redis instance. This guide walks you through the steps required to connect Grey Matter to an AWS ElastiCache Redis cluster.

Create a Security Group

We want to limit access to the Redis cluster to only services running in the EKS cluster. To do this, get the security group ID of the AWS EKS nodes. Once you have identified it, create a new security group that allows access on TCP port 6379 with the node security group ID as the source.
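One way to check the result of this step, as an added example that is not part of the Grey Matter documentation: the script below audits output in the shape of `aws ec2 describe-security-groups --output json` and reports every source other than the EKS node security group that can reach TCP 6379, including wide port ranges and "all traffic" rules. The function names and all `sg-` ids are constructed for illustration.

```python
REDIS_PORT = 6379

def covers_redis(perm):
    """True if one IpPermissions entry admits TCP traffic to port 6379."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # "all traffic" rule: no FromPort/ToPort fields
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= REDIS_PORT <= perm.get("ToPort", 65535)

def audit_redis_sg(describe_output, redis_sg_id, node_sg_id):
    """List every source other than node_sg_id that can reach 6379."""
    group = next(g for g in describe_output["SecurityGroups"]
                 if g["GroupId"] == redis_sg_id)
    findings, node_allowed = [], False
    for perm in group.get("IpPermissions", []):
        if not covers_redis(perm):
            continue
        for r in perm.get("IpRanges", []):
            findings.append("CIDR source " + r["CidrIp"])
        for r in perm.get("Ipv6Ranges", []):
            findings.append("CIDR source " + r["CidrIpv6"])
        for r in perm.get("PrefixListIds", []):
            findings.append("prefix list source " + r["PrefixListId"])
        for pair in perm.get("UserIdGroupPairs", []):
            if pair["GroupId"] == node_sg_id:
                node_allowed = True
            else:
                findings.append("unexpected source group " + pair["GroupId"])
    if not node_allowed:
        findings.append("node group %s cannot reach %d" % (node_sg_id, REDIS_PORT))
    return findings

# Constructed sample; all sg- ids below are placeholders, not real resources.
NODES = "sg-0nodes00000000000"
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-0redisgood0000000", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 6379, "ToPort": 6379,
         "UserIdGroupPairs": [{"GroupId": NODES}]}]},
    {"GroupId": "sg-0redisbad00000000", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
        {"IpProtocol": "tcp", "FromPort": 6379, "ToPort": 6379,
         "UserIdGroupPairs": [{"GroupId": "sg-0other00000000000"}]}]},
]}

if __name__ == "__main__":
    for sg in ("sg-0redisgood0000000", "sg-0redisbad00000000"):
        print(sg, audit_redis_sg(SAMPLE, sg, NODES) or "OK")
```

An empty result means the group matches the rule described above: port 6379 is reachable from the node security group and from nothing else.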

Launch AWS ElastiCache Redis

Follow these instructions to deploy a new AWS ElastiCache Redis instance. Select the Redis settings that match your desired deployment. When selecting a security group, be sure to select the security group created in the previous step.

Configure Grey Matter to Use AWS ElastiCache Redis

The Grey Matter Control API and Catalog services are capable of persisting to Redis. Once the AWS ElastiCache Redis is deployed, we can configure Grey Matter to use the ElastiCache Redis by updating the following variables:

  • global.external_redis.host: the DNS of the AWS ElastiCache Redis node

  • global.external_redis.disabled: set to false to not deploy a local Redis pod

Advanced Settings

If you enabled TLS on Redis, or added a default user password, you will need to provide the following settings in your global.yaml file:

external_redis:
  disabled: false
  host: '<DNS name>'
  port: '6379'
  use_tls: false
  ca_cert_path: ''
  server_cert_path: ''
  server_key_path: ''
  pass: ''
  control_api_db: 0
  catalog_db: 1
  max_retries: 50
  retry_delay: '5s'

Deploy Grey Matter

Grey Matter can now be deployed with the standard installation procedures.

Verification

You can verify that Grey Matter is successfully communicating with AWS ElastiCache Redis. Follow the steps below to verify:

Open an exec session to the JWT Redis instance, because it has redis-cli installed:

kubectl exec -it jwt-redis-XXX -- sh

From that pod, run the following commands and verify that these keys are present:

redis-cli -h <dns of the Redis cluster>
> keys *
1) "control-api-image"
2) "catalog-versionID"
3) "catalog-zones"
4) "control-api-versionID"