Tyk 4.1 not connecting to AWS MemoryDB when ACL username+pass is set

Hello.

Tyk is running in AWS EKS K8S cluster. Local single Redis pod is working fine. I am trying to move it to an AWS MemoryDB redis cluster.

When I have my MemoryDB redis cluster set to open access ("user default on nopass sanitize-payload ~* &* +@all") Tyk can connect to it and I can see all the keys when connecting via redis-cli at the same time:

> keys *
1) "redis-test-03499c6e-8d15-4ee2-a72b-4cf75631b003"
2) "host-checker:PollerActiveInstanceID"
4) "redis-test-99e197d4-f8fc-49f6-a663-ce94dc4f76ad"
5) "redis-test-a64494a4-779b-4cc3-a94b-1ac7067b1969"
6) "tyk-liveness-probe"
7) "redis-test-377acecf-2da7-414c-b66b-153948123e75"
8) "redis-test-085cbef2-c294-460c-9721-64fbd89debcb"

When I configure an ACL user in AWS, I can still connect and do everything via redis-cli but Tyk is stuck trying to connect to redis.

"user myuser on sanitize-payload #0000000000000000000000000000000000000000000000000000000000000000 ~* resetchannels +@all"

Tyk log in this case:


time="Jan 11 14:33:34" level=error msg="Redis health check failed" error="storage: Redis is either down or was not configured" liveness-check=true prefix=main
time="Jan 11 14:33:34" level=debug msg="No Primary instance found, assuming control" prefix=host-check-mgr
time="Jan 11 14:33:34" level=error msg="cannot set key in pollerCacheKey" error="storage: Redis is either down or was not configured"
time="Jan 11 14:33:34" level=error msg="Connection to Redis failed, reconnect in 10s" error="storage: Redis is either down or was not configured" prefix=pub-sub

tyk.conf storage:

"storage": {
        "type": "redis",
        "enable_cluster": true,
        "addrs": [ "clustercfg.<endpoint>.memorydb.us-west-2.amazonaws.com:6379" ],
        "username": "myuser",
        "password": "<pwd>",
        "use_ssl": true,
        "database": 0,
        "optimisation_max_idle": 6000,
        "optimisation_max_active": 10000
      },

I also have the following set up for the Tyk pod:

          - name: REDIGOCLUSTER_SHARDCOUNT
            value: "256"

Again, if MemoryDB is set to the default open-access ACL mode and no username and pw is configured in tyk.conf for redis storage:

"username": "",
"password": "",

It works perfectly.

Any help is appreciated. Thanks!

Hi @VikingPingvin,

Welcome to the community. :tada:

I’m afraid MemoryDB is not officially supported by Tyk.

This might be a compatibility issue, maybe something to do with encoding/encryption, but I cannot say for sure.


Hi!

Thanks for the reply!
I saw mentions for Elasticache in Tyk docs, so I just assumed it could work.

I will try it with that.

Hi @Ubong

I tried it with a basic Elasticache in AWS.
No ACL, Encryption in transit is enabled.
Same error.

"storage": {
        "type": "redis",
        "enable_cluster": false,
        "addrs": [ "master.<endpoint>.usw2.cache.amazonaws.com" ],
        "port": 6379,
        "username": "",
        "password": "",
        "use_ssl": true,
        "database": 0,
        "optimisation_max_idle": 2000,
        "optimisation_max_active": 4000
      },

Can this be related to "Redis encryption in transit doesn't work" (Issue #4613, TykTechnologies/tyk, GitHub)?
Thanks.

Hi @VikingPingvin,

I see, in the GitHub issue, that you’ve been able to get it working :raised_hands:

I’m adding the solution(s) for visibility:

  • Tyk supports Redis 2.8.x to 6.0.x (see reference)
  • Set ssl_insecure_skip_verify: true in storage section of the config
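
As an added example (not part of the posts above and not Tyk's own code), a small Python audit of the storage block from this thread. It flags the settings discussed here: credentials without TLS, TLS with ssl_insecure_skip_verify (encrypted, but the server certificate is not checked), an ACL username, and the open-access case. The function name, severity labels and sample values are assumptions made for illustration.

```python
import json

# Constructed sample: the storage block from this thread with
# ssl_insecure_skip_verify applied; endpoint and password are placeholders.
SAMPLE_CONF = """
{
  "storage": {
    "type": "redis",
    "enable_cluster": true,
    "addrs": ["clustercfg.<endpoint>.memorydb.us-west-2.amazonaws.com:6379"],
    "username": "myuser",
    "password": "<pwd>",
    "use_ssl": true,
    "ssl_insecure_skip_verify": true
  }
}
"""

def audit_storage(conf_text):
    """Return (severity, message) findings; severities are this example's own labels."""
    s = json.loads(conf_text).get("storage", {})
    has_secret = bool(s.get("password"))
    findings = []
    if not s.get("use_ssl"):
        if has_secret:
            findings.append(("high", "use_ssl is off: the Redis password "
                             "crosses the network in cleartext"))
    elif s.get("ssl_insecure_skip_verify"):
        findings.append(("medium", "ssl_insecure_skip_verify is on: traffic is "
                         "encrypted but the server certificate is not checked, "
                         "so the peer is not authenticated"))
    if s.get("username"):
        findings.append(("info", "username is set: requires Redis ACL users "
                         "(Redis 6+); confirm the server version is within the "
                         "range Tyk supports"))
    elif not has_secret:
        findings.append(("medium", "no username/password: Redis access control "
                         "rests on network reachability alone"))
    return findings

if __name__ == "__main__":
    for severity, message in audit_storage(SAMPLE_CONF):
        print(f"[{severity}] {message}")
```
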

Hi @VikingPingvin, I am also interested in using AWS Elasticache for REDIS.
It’s been 10 months since you posted this, is it still working for you? Are there any caveats? Would you recommend it?

Hi @Ubong, could you please provide a link to the GitHub issue? I would like to follow the conversation since I’m working on this right now.

Hi @Jonathan_Gurwitz,

It's just above.