Tyk Can't Connect to Redis Instance on GCP

munroanna · May 6, 2023, 2:29am

I’m unable to connect to Redis from my Tyk deployment. I’m deploying Tyk in a GKE cluster in GCP. On the same network in GCP Memorystore, I have created a Redis instance with 2 read replicas.

I see the following repeated logs showing the Redis connection is not working (I enabled debug logs to see if it would have anything extra useful):

time="May 06 02:30:11" level=error msg="Redis health check failed" error="storage: Redis is either down or was not configured" liveness-check=true prefix=main
time="May 06 02:30:11" level=debug msg="No Primary instance found, assuming control" prefix=host-check-mgr
time="May 06 02:30:11" level=warning msg="Reconnecting storage: Redis is either down or was not configured" prefix=pub-sub

I set redis.enableCluster = false. And redis.addrs = [xxx.xx.xxx.x:6378]. I have in transit encryption enabled for the Redis instance and then redis.useSSL set to true.

I’m migrating my Tyk deployment from AWS to GCP. Previously, I had enableCluster=true and I had the redis.addrs = [clustercfg.xxx.xxx.usw2.cache.amazonaws.com:6379] and it worked great.

I can curl the read endpoint of my Redis instance from my pod, so I don’t feel it is a networking issue. I read some GCP docs and Tyk community forums but didn’t have any luck switching configurations or much else, hoping someone here might have an idea what could be wrong. Thanks!

zaid · May 6, 2023, 10:45pm

Hello @munroanna which version of redis are you using?

munroanna · May 7, 2023, 12:57am

Hey ! I’m using Redis version 5.0.

zaid · May 7, 2023, 1:10am

Can you hit the /hello endpoint on the gateway? What’s the response?

munroanna · May 7, 2023, 1:16am

Yes, it shows Redis failing:

{"status":"fail","version":"v4.0.0","description":"Tyk GW","details":{"redis":{"status":"fail","output":"storage: Redis is either down or was not configured","componentType":"datastore","time":"2023-05-07T01:15:41Z"}}}

Ubong · May 8, 2023, 8:21am

Hi @munroanna,

Please add ssl_insecure_skip_verify to your config and see if it helps?

If it doesn’t, can you share your tyk.conf?

munroanna · May 8, 2023, 6:44pm

Hi Ubong,

You are correct that it is a certificate issue. About in-transit encryption | Memorystore for Redis | Google Cloud . GCP In Transit Encryption with Redis requires I download the CA and install it on my client machine. I will look into doing that, and as a way to unblock myself, I am currently skipping cert validation. Thank you very much !