Skip to content

Commit

Permalink
Update Redis Docs (#595)
Browse files Browse the repository at this point in the history 
* Update Redis Docs

Signed-off-by: Shaad7 <[email protected]>

* Update changes

Signed-off-by: Shaad7 <[email protected]>

---------

Signed-off-by: Shaad7 <[email protected]>
  • Loading branch information
@AbdullahAlShaad
AbdullahAlShaad authored Jan 8, 2024
1 parent 26418aa commit e159023
Show file tree
Hide file tree
Showing 5 changed files with 11 additions and 170 deletions.
63 changes: 4 additions & 59 deletions docs/guides/redis/reconfigure-tls/sentinel.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -293,14 +293,9 @@ root@rd-sample-0:/data# redis-cli --tls --cert "/certs/client.crt" --key "/certs
1) "tls-cert-file"
2) "/certs/server.crt
root@rd-sample-0:/data# apt-get update; apt-get install openssl;
...
root@rd-sample-0:/data# openssl x509 -in /certs/ca.crt -inform PEM -subject -nameopt RFC2253 -noout
subject=O=kubedb,CN=redis
```

Now, we can connect using `CN=redis,O=kubedb` as root to connect to the redis and write some data
Now, we can connect using tls-certs to the redis and write some data

```bash
$ kubectl exec -it -n demo rd-sample-0 -c redis -- bash
Expand All @@ -321,33 +316,11 @@ OK

## Rotate Certificate

Now we are going to rotate the certificate of sentinel and database. First let's check the current expiration date of the certificate.

```bash
# Check Redis Certificate
$ kubectl exec -it -n demo rd-sample-0 -c redis -- bash
root@rd-sample-0:/data# apt-get update; apt-get install openssl;
...
root@rd-sample-0:/data# openssl x509 -in /certs/server.crt -inform PEM -enddate -nameopt RFC2253 -noout
notAfter=May 10 05:42:14 2023 GMT
# Check Sentinel Certificate
$ kubectl exec -it -n demo sen-demo-tls-0 -c redissentinel -- bash
root@sen-demo-tls-0:/data# apt-get update; apt-get install openssl;
...
root@sen-demo-tls-0:/data# openssl x509 -in /certs/server.crt -inform PEM -enddate -nameopt RFC2253 -noout
notAfter=May 10 05:41:19 2023 GMT
```

So, the redis certificate will expire on `May 10 05:42:14 2023 GMT` and sentinel certificate will expire on `notAfter=May 10 05:41:19 2023 GMT`.
Now we are going to rotate the certificate of sentinel and database.

### Create RedisOpsRequest

Now we are going to increase it using a RedisOpsRequest. Below is the yaml of the ops request that we are going to create,
Now we are going to rotate certificates using a RedisOpsRequest. Below is the yaml of the ops request that we are going to create,

```yaml
apiVersion: ops.kubedb.com/v1alpha1
Expand Down Expand Up @@ -389,23 +362,9 @@ rd-ops-rotate ReconfigureTLS Successful 5m5s

We can see from the above output that the `RedisOpsRequest` has succeeded.

Now, let's check the expiration date of the certificate.

```bash
$ kubectl exec -it -n demo rd-sample-0 -c redis -- bash
root@rd-sample-0:/data# apt-get update; apt-get install openssl;
...
root@rd-sample-0:/data# openssl x509 -in /certs/server.crt -inform PEM -enddate -nameopt RFC2253 -noout
notAfter=May 10 06:04:12 2023 GMT
```

As we can see from the above output, the certificate has been rotated successfully.

### Create RedisSentinelOpsRequest

Now we are going to increase it using a RedisOpsRequest. Below is the yaml of the ops request that we are going to create,
Now we are going to rotate certificates using a RedisOpsRequest. Below is the yaml of the ops request that we are going to create,

```yaml
apiVersion: ops.kubedb.com/v1alpha1
Expand Down Expand Up @@ -447,20 +406,6 @@ sen-ops-rotate ReconfigureTLS Successful 78s

We can see from the above output that the `RedisSentinelOpsRequest` has succeeded.

Now, let's check the expiration date of the certificate.

```bash
$ kubectl exec -it -n demo sen-demo-tls-0 -c redissentinel -- bash
root@rd-sample-0:/data# apt-get update; apt-get install openssl;
...
root@rd-sample-0:/data# openssl x509 -in /certs/server.crt -inform PEM -enddate -nameopt RFC2253 -noout
notAfter=May 10 06:10:43 2023 GMT
```

As we can see from the above output, the certificate has been rotated successfully.


## Remove TLS from the Database

Expand Down
54 changes: 4 additions & 50 deletions docs/guides/redis/reconfigure-tls/standalone.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -233,15 +233,9 @@ ca.crt client.crt client.key server.crt server.key
root@rd-sample-0:/data# redis-cli --tls --cert "/certs/client.crt" --key "/certs/client.key" --cacert "/certs/ca.crt" config get tls-cert-file
1) "tls-cert-file"
2) "/certs/server.crt
root@rd-sample-0:/data# apt-get update; apt-get install openssl;
...
root@rd-sample-0:/data# openssl x509 -in /certs/ca.crt -inform PEM -subject -nameopt RFC2253 -noout
subject=O=kubedb,CN=redis
```

Now, we can connect using `CN=redis,O=kubedb` as root to connect to the redis and write some data
Now, we can connect using tls-certs to connect to the redis and write some data

```bash
$ kubectl exec -it -n demo rd-sample-0 -c redis -- bash
Expand All @@ -262,23 +256,11 @@ OK

## Rotate Certificate

Now we are going to rotate the certificate of this database. First let's check the current expiration date of the certificate.

```bash
$ kubectl exec -it -n demo rd-sample-0 -c redis -- bash
root@rd-sample-0:/data# apt-get update; apt-get install openssl;
...
root@rd-sample-0:/data# openssl x509 -in /certs/server.crt -inform PEM -enddate -nameopt RFC2253 -noout
notAfter=May 9 09:27:06 2023 GMT
```

So, the certificate will expire on this time `May 9 09:27:06 2023 GMT`.
Now we are going to rotate the certificate of this database.

### Create RedisOpsRequest

Now we are going to increase it using a RedisOpsRequest. Below is the yaml of the ops request that we are going to create,
Now we are going to rotate certificates using a RedisOpsRequest. Below is the yaml of the ops request that we are going to create,

```yaml
apiVersion: ops.kubedb.com/v1alpha1
Expand Down Expand Up @@ -318,21 +300,7 @@ NAME TYPE STATUS AGE
rd-ops-rotate ReconfigureTLS Successful 5m5s
```

We can see from the above output that the `RedisOpsRequest` has succeeded.

Now, let's check the expiration date of the certificate.

```bash
$ kubectl exec -it -n demo rd-sample-0 -c redis -- bash
root@rd-sample-0:/data# apt-get update; apt-get install openssl;
...
root@rd-sample-0:/data# openssl x509 -in /certs/server.crt -inform PEM -enddate -nameopt RFC2253 -noout
notAfter=May 9 10:05:09 2023 GMT
```

As we can see from the above output, the certificate has been rotated successfully.
We can see from the above output that the `RedisOpsRequest` has succeeded.

## Change Issuer/ClusterIssuer

Expand Down Expand Up @@ -426,20 +394,6 @@ rd-change-issuer ReconfigureTLS Successful 4m65s

We can see from the above output that the `RedisOpsRequest` has succeeded.

Now, Lets exec into a database node and find out the ca subject to see if it matches the one we have provided.

```bash
$ kubectl exec -it -n demo rd-sample-0 -c redis -- bash
root@rd-sample-0:/data# apt-get update; apt-get install openssl;
...
root@rd-sample-0:/data# openssl x509 -in /certs/ca.crt -inform PEM -subject -nameopt RFC2253 -noout
subject=O=kubedb-updated,CN=ca-updated
```

We can see from the above output that, the subject name matches the subject name of the new ca certificate that we have created. So, the issuer is changed successfully.

## Remove TLS from the Database

Now, we are going to remove TLS from this database using a RedisOpsRequest.
Expand Down
16 changes: 1 addition & 15 deletions docs/guides/redis/tls/cluster.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -159,22 +159,8 @@ tls.crt: 1127 bytes
tls.key: 1679 bytes
```

Now, Lets exec into a redis container and find out the username to connect in a redis shell,

```bash
$ kubectl exec -it -n demo rd-tls-shard0-0 -c redis -- bash
root@rd-tls-shard0-0:/data# ls /certs
ca.crt client.crt client.key server.crt server.key
root@rd-tls-shard0-0:/data# apt-get update; apt-get install openssl;
...
root@rd-tls-shard0-0:/data# openssl x509 -in /certs/ca.crt -inform PEM -subject -nameopt RFC2253 -noout
subject=O=kubedb,CN=redis
```

Now, we can connect using `CN=redis,O=kubedb` as root to connect to the redis and write some data
Now, we can connect using tls-certs as root to connect to the redis and write some data

```bash
$ kubectl exec -it -n demo rd-tls-shard0-0 -c redis -- bash
Expand Down
31 changes: 1 addition & 30 deletions docs/guides/redis/tls/sentinel.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -160,21 +160,6 @@ tls.crt: 1127 bytes
tls.key: 1675 bytes
```

Now, Lets exec into a redis container and find out the username to connect in a redis shell,

```bash
$ kubectl exec -it -n demo sen-tls-0 -c redissentinel -- bash
root@sen-tls-0:/data# ls /certs
ca.crt client.crt client.key server.crt server.key
root@sen-tls-0:/data# apt-get update; apt-get install openssl;
...
root@sen-tls-0:/data# openssl x509 -in /certs/ca.crt -inform PEM -subject -nameopt RFC2253 -noout
subject=O=kubedb,CN=redis
```

## TLS/SSL encryption in Redis in Sentinel Mode

Below is the YAML for Redis in Sentinel Mode.
Expand Down Expand Up @@ -251,22 +236,8 @@ ca.crt: 1147 bytes
tls.crt: 1127 bytes
```

Now, Lets exec into a redis container and find out the username to connect in a redis shell,

```bash
$ kubectl exec -it -n demo rd-tls-0 -c redis -- bash
root@rd-tls-0:/data# ls /certs
ca.crt client.crt client.key server.crt server.key
root@rd-tls-0:/data# apt-get update; apt-get install openssl;
...
root@rd-tls-0:/data# openssl x509 -in /certs/ca.crt -inform PEM -subject -nameopt RFC2253 -noout
subject=O=kubedb,CN=redis
```

Now, we can connect using `CN=redis,O=kubedb` as root to connect to the redis and write some data
Now, we can connect using tls-certs connect to the redis and write some data

```bash
$ kubectl exec -it -n demo rd-tls-0 -c redis -- bash
Expand Down
17 changes: 1 addition & 16 deletions docs/guides/redis/tls/standalone.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -155,22 +155,7 @@ tls.crt: 1127 bytes
tls.key: 1675 bytes
```

Now, Lets exec into a redis container and find out the username to connect in a redis shell,

```bash
$ kubectl exec -it -n demo rd-tls-0 -c redis -- bash
root@rd-tls-0:/data# ls /certs
ca.crt client.crt client.key server.crt server.key
root@rd-tls-0:/data# apt-get update; apt-get install openssl;
...
root@rd-tls-0:/data# openssl x509 -in /certs/ca.crt -inform PEM -subject -nameopt RFC2253 -noout
subject=O=kubedb,CN=redis
```

Now, we can connect using `CN=redis,O=kubedb` as root to connect to the redis and write some data
Now, we can connect using tls certs to connect to the redis and write some data

```bash
$ kubectl exec -it -n demo rd-tls-0 -c redis -- bash
Expand Down

0 comments on commit e159023

Please sign in to comment.