Hello.
Tyk is running in AWS EKS K8S cluster. Local single Redis pod is working fine. I am trying to move it to an AWS MemoryDB redis cluster.
When I have my MemoryDB redis cluster set to open access ("user default on nopass sanitize-payload ~* &* +@all"
) Tyk can connect to it and I can see all the keys when connecting via redis-cli
at the same time:
> keys *
1) "redis-test-03499c6e-8d15-4ee2-a72b-4cf75631b003"
2) "host-checker:PollerActiveInstanceID"
4) "redis-test-99e197d4-f8fc-49f6-a663-ce94dc4f76ad"
5) "redis-test-a64494a4-779b-4cc3-a94b-1ac7067b1969"
6) "tyk-liveness-probe"
7) "redis-test-377acecf-2da7-414c-b66b-153948123e75"
8) "redis-test-085cbef2-c294-460c-9721-64fbd89debcb"
When I configure an ACL user in AWS, I can still connect and do everything via redis-cli
but Tyk is stuck trying to connect to redis.
"user myuser on sanitize-payload #0000000000000000000000000000000000000000000000000000000000000000 ~* resetchannels +@all"
Tyk log in this case:
time="Jan 11 14:33:34" level=error msg="Redis health check failed" error="storage: Redis is either down or was not configured" liveness-check=true prefix=main
time="Jan 11 14:33:34" level=debug msg="No Primary instance found, assuming control" prefix=host-check-mgr
time="Jan 11 14:33:34" level=error msg="cannot set key in pollerCacheKey" error="storage: Redis is either down or was not configured"
time="Jan 11 14:33:34" level=error msg="Connection to Redis failed, reconnect in 10s" error="storage: Redis is either down or was not configured" prefix=pub-sub
tyk.conf storage:
"storage": {
"type": "redis",
"enable_cluster": true,
"addrs": [ "clustercfg. <endpoint > .memorydb.us-west-2.amazonaws.com:6379" ],
"username": "myuser",
"password": "<pwd>",
"use_ssl": true,
"database": 0,
"optimisation_max_idle": 6000,
"optimisation_max_active": 10000
},
I also have the following set up for the Tyk pod.:
- name: REDIGOCLUSTER_SHARDCOUNT
value: "256"
Again, if MemoryDB is set to the default open-access
ACL mode and no username and pw is configured in tyk.con for redis storage:
"username": "",
"password": "",
It works perfectly.
Any help is appreciated. Thanks!