Deployment and Operations

Installing and Configuring Redis Datastore for Storing Session Data, Security Tokens, and More

Learn about Redis datastore configuration for deployment of Cloudentity platform.

Redis Datastore Overview

Redis (which stands for Remote Dictionary Server) is an open-source, in-memory key-value data store. It is often used as a cache or a message broker, but its versatility makes it suitable for a wide variety of use cases.

One of the main advantages of Redis is its performance. Because it stores all of its data in memory, it can perform operations very quickly, making it well suited for real-time applications or applications that require low-latency data access. Additionally, Redis supports a variety of data structures, including strings, hashes, lists, sets, and sorted sets, which makes it easy to work with different types of data.

Redis also has built-in support for data replication and persistence, which means that it can automatically replicate data to one or more slave servers, providing a level of fault tolerance. Additionally, Redis supports a feature called persistence that allows data to be saved to disk, so that it can be reloaded in the event of a failure.

Another important feature is Redis Cluster which allows for sharding of the data across multiple Redis instances to improve performance and scalability. Redis Cluster allows you to automatically shard data across multiple Redis instances. This means that your data is automatically split up into small chunks and distributed across multiple servers, so that each server only stores a portion of the data. This allows you to scale your Redis deployment horizontally, by simply adding more servers as needed, rather than vertically, by adding more memory or CPU to a single server.

Why Redis

The Cloudentity platform uses Redis to store a variety of data types that are well-suited for key-value storage. This includes security tokens such as access tokens, which grant users access to protected resources, and identity tokens, which provide information about the user’s identity.

Refresh Tokens

By default, Cloudentity stores refresh tokens inside the SQL database (CockroachDB). It is controlled by setting the enabled option to true in the storage.refresh_tokens section of your Cloudentity deployment configuration.

If you wish, you may disable this setting to store refresh token in the Redis datastore. Remember that if you don’t have data replication and persistance properly set up, you may loose the tokens in cases when your Redis deployment goes down.

Redis is also used to store session information, which is crucial for maintaining user state across multiple requests. This can include various session types such as user sessions, admin sessions and temporary sessions. In addition, Redis is used to store authorization codes, which are short-lived and single-use codes that are used in the authorization grant flow of OAuth 2.0 protocol.

Redis is an ideal choice for storing this type of data due to its high performance, scalability, and ability to handle large amounts of data with low latency. It’s also very simple to use and provides a wide range of data structures such as lists, sets, and sorted sets, which makes it easy to store and retrieve the data efficiently.

Redis Installation

Remember

For the Cloudentity platform to work, Redis installation and configuration is required.

At Cloudentity, to install and configure Redis, we use Helm - a popular package manager for Kubernetes that allows users to easily install and configure complex software such as Redis on a Kubernetes cluster. By using Helm to install Redis, users can take advantage of several benefits that make the process of deploying and managing Redis much simpler and more efficient.

Firstly, Helm provides a convenient way to define and manage the configuration of Redis, including the number of nodes, storage settings, and networking settings, in a single, easy-to-read file called a chart. This makes it easy to understand and modify the configuration of Redis as needed.

Additionally, Helm provides the ability to manage and upgrade the Redis deployment in a controlled and repeatable way, this means that any updates or upgrades to the Redis software can be easily rolled out to the cluster in a predictable manner, avoiding any possible disruption to the service.

When you install the Cloudentity plafrom on Kubernetes using Helm Charts, you can see that the Redis dependency is included in our kube-acp-stack Helm Chart.

Remember

Cloudentity does not provide any support for the below solutions that do not include self-hosting of Redis Datastore and does not guarantee full compability with them.

Alternatively, if you do not want to host your own instance running Redis, you can consider using one of following solutions:

Redis Cluster Version Recommendation

Datastore: 6.2.7 Helm chart: 7.6.4

Redis Enterprise Version Recommendation

Datastore: 6.2.18-65 Operator: 6.2.18-41

Supported Redis Versions

  • 6.2.x

Redis 7.x

Redis 7.x is not currently supported.

Configure Redis Dependency

If you wish to configure the connection between the Cloudentity platform and Redis, and configure the datastore installation itself, configure the values.yaml file for your Cloudentity deployment and apply the changes.

Configure Connection Between Cloudentity Platform and Redis Datastore

If you need to configure the connection between the Cloudentity platform and Redis:

  1. Refer to the redis (redis client) section of the Cloudentity Platform Configuration Reference to learn about available configuration options.

  2. Change the configuration for the connection in the redis-cluster section of the Cloudentity Platform values.yaml file for your deployment.

  3. Apply the changes to your deployment.

Configure Redis Datastore

If you need to configure the deployment of the Redis datastore itself:

  1. Refer to the redis-cluster values.yaml file to see available configuration options.

  2. Change the configuration for the datastore in the config.data.redis section of the values.yaml file for your deployment.

  3. Apply the changes to your deployment.

Redis Configuration Example

Below, you can find a sample configuration for the connection between the Cloudentity platform and Redis datastore in the redis-cluster section of the values.yaml:

redis-cluster:
  enabled: true
  cluster:
    nodes: 3
    replicas: 0
  password: p@ssw0rd!
  redis:
    configmap: |
            loadmodule /redismodules/redisearch.so OSS_GLOBAL_PASSWORD p@ssw0rd!
    initContainers:
      - name: redismodules
        image: alpine
        command: [
          "sh",
          "-c",
          "wget <https://cloudentity-redisearch.s3.amazonaws.com/redisearch-oss-coord-v2.4.15.so> -O /redismodules/redisearch.so &&
          chmod +x /redismodules/redisearch.so"
        ]
        volumeMounts:
          - mountPath: /redismodules
            name: redismodules
    extraVolumes:
      - name: redismodules
        emptyDir: {}
    extraVolumeMounts:
      - mountPath: /redismodules
        name: redismodules

and a corresponding configuration for the Redis Datastore itself in the acp.config.data.redis and acp.secretConfig.data.redis sections of the values.yaml file:

acp:
  enabled: true
  secretConfig:
    data:
      redis:
        password: p@ssw0rd!
        addrs:
          - "acp-redis-cluster-headless:6379"
          - "acp-redis-cluster-headless:6379"
  config:
    data:
      redis:
        redis_search: true

The above configuration changes result with the following:

  • with a configmap provided for the Cloudentity Platform and populated with the following values:

        redis:
          enabled: true
    
  • with an extraconfig.yaml with your additional values.

    You can treat those values as source to merge with/override values defined inside the config.yaml file for Cloudentity platform deployment.

    redis:
      redis_search: true
    
  • with connection defails for Redis kept in a Kubernetes secret.

    redis:
      addrs:
      - acp-redis-cluster-headless:6379
      - acp-redis-cluster-headless:6379
      password: p@ssw0rd!
    system:
      secret: 123456789abcdefg123456789abcdefg
    

    Note that this is a part of secret instead of the configmap, because those values were set inside secretConfig section.

Troubleshooting Issues With Redis

If your Cloudentity plaform Redis address setup is not set correctly, the Cloudentity platform won’t start and you will see the log message similar to:

{"error":"failed to create redis client: failed to get redis info: dial tcp 1.0.0.0:1: connect: connection refused","level":"fatal","msg":"failed to create storage"}

If your connection between Cloudentity and Redis is missconfigured with, for example, an incorrect password, you will see a log message similar to the following:

{"error":"failed to create redis client: failed to get redis info: ERR no responses received","level":"fatal","msg":"failed to create storage"}

When the Cloudentity platform is able to connect to Redis, but rest of the configuration is incorrect, you will see the log message similar to the following:

{"error":"failed to create redis client: failed to get redis info: ERR unknown command `FT.INFO`, with args beginning with: `default-index`, ","level":"fatal","msg":"failed to create storage"}
Updated: Jan 12, 2023