Establish external routing on the RedisEnterpriseCluster
| Redis Enterprise for Kubernetes |
|---|
An Ingress is an API resource that provides a standardized and flexible way to manage external access to services running within a Kubernetes cluster.
kubernetes/ingress-nginx) is retired. Best-effort maintenance ended in March 2026 and the project no longer ships releases, bug fixes, or security updates. If you are not already using it, use HAProxy or Istio, or migrate to a Gateway API implementation.Install Ingress controller
Redis Enterprise for Kubernetes supports the Ingress controllers below:
- HAProxy
- Istio
- Ingress-NGINX (retired; existing deployments only)
OpenShift users can use routes instead of an Ingress.
Install your chosen Ingress controller, making sure ssl-passthrough is enabled. It is on by default for HAProxy and off by default for Ingress-NGINX. For Ingress-NGINX, start the controller with the --enable-ssl-passthrough flag.
Configure DNS
-
Choose the API hostname and database hostname suffix you will use, replacing
<placeholders>with your own values. The recommended formats are:- REC API hostname (
apiFqdnUrl):api-<rec-name>-<rec-namespace>.<subdomain> - Database hostname suffix (
dbFqdnSuffix):-db-<rec-name>-<rec-namespace>.<subdomain>
The operator appends each database name to
dbFqdnSuffixto build the per-database hostname. For example, a database namedmydbwith the suffix above resolves tomydb-db-<rec-name>-<rec-namespace>.<subdomain>. For the wildcard DNS record, use*in place of the database name followed by the suffix. - REC API hostname (
-
Retrieve the
EXTERNAL-IPof your Ingress controller'sLoadBalancerservice.$ kubectl get svc <haproxy-ingress | ingress-ngnix-controller> \ -n <ingress-ctrl-namespace>Below is example output for an HAProxy ingress controller running on a K8s cluster hosted by AWS.
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE haproxy-ingress LoadBalancer 10.43.62.53 a56e24df8c6173b79a63d5da54fd9cff-676486416.us-east-1.elb.amazonaws.com 80:30610/TCP,443:31597/TCP 21m -
Create DNS records to resolve your chosen REC API hostname and database hostname to the
EXTERNAL-IPfound in the previous step.
Edit the REC spec
Edit the RedisEnterpriseCluster (REC) spec to add the ingressOrRouteSpec field, replacing <placeholders> below with your own values.
NGINX or HAproxy ingress controllers
- Define the REC API hostname (
apiFqdnUrl) and database hostname suffix (dbFqdnSuffix) you chose when configuring DNS. - Set
methodtoingress. - Set
ssl-passthroughto "true". - Add any additional annotations required for your ingress controller. See NGINX docs or HAproxy docs for more information.
kubectl patch rec <rec-name> --type merge --patch "{\"spec\": \
{\"ingressOrRouteSpec\": \
{\"apiFqdnUrl\": \"api-<rec-name>-<rec-namespace>.example.com\", \
\"dbFqdnSuffix\": \"-db-<rec-name>-<rec-namespace>.example.com\", \
\"ingressAnnotations\": \
{\"kubernetes.io/ingress.class\": \"<ingress-controller>\", \
\"<ingress-controller-annotation>/ssl-passthrough\": \"true\"}, \
\"method\": \"ingress\"}}}"
Set <ingress-controller> to haproxy or nginx. The operator validates that ingressAnnotations includes kubernetes.io/ingress.class and is the only annotation key it requires; add any other controller-specific annotations alongside it.
OpenShift routes
- Define the REC API hostname (
apiFqdnUrl) and database hostname suffix (dbFqdnSuffix) you chose when configuring DNS. - Set
methodtoopenShiftRoute.
kubectl patch rec <rec-name> --type merge --patch "{\"spec\": \
{\"ingressOrRouteSpec\": \
{\"apiFqdnUrl\": \"api-<rec-name>-<rec-namespace>.example.com\" \
\"dbFqdnSuffix\": \"-db-<rec-name>-<rec-namespace>.example.com\", \
\"method\": \"openShiftRoute\"}}}"
OpenShift routes do not require any ingressAnnotations in the ingressOrRouteSpec.