Redis Insight¶
Web UI for Redis, deployed per environment as a plain Deployment + Service + Ingress (no Helm chart). Each environment points at its own Redis instance (see Redis).
Argo CD Application¶
k8s/envs/<env>/middleware/redis-insight/application.yaml references the same Git repo and applies the manifest directly:
source:
repoURL: https://github.com/tomoda-labs/devops.git
path: k8s/envs/<env>/middleware/redis-insight
directory:
recurse: true
include: 'manifests.yaml'
destination:
namespace: data
The directory.include: 'manifests.yaml' filter keeps Argo from picking up the application.yaml itself as a child resource. Both envs land in the data namespace.
Manifest¶
manifests.yaml (one per env) is three small resources:
- Deployment — image
redis/redisinsight:latest, single replica, container port5540, resources 50m–200m CPU and 128Mi–256Mi memory. - Service — ClusterIP, port
80→ targetPort5540. - Ingress — Traefik class, TLS via cert-manager, oauth2-proxy middlewares.
The prod manifest names everything prod-redisinsight (Deployment, Service, Ingress) to keep the resources distinct from dev if both are ever observed in the same cluster view.
Ingress and auth¶
Same pattern as pgAdmin: the Ingress chains the sys-oauth2-proxy-errors and sys-oauth2-proxy-auth Traefik middlewares so every request is gated by oauth2-proxy + Google sign-in. The /oauth2 path routes to oauth2-proxy-redir for the callback. TLS certificates are stored in redisinsight-tls (dev) / redisinsight-prod-tls (prod).
| Env | Host | Stored as |
|---|---|---|
| dev | redis-dev.tomoda.life |
redisinsight-tls |
| prod | redis-prod.tomoda.life |
redisinsight-prod-tls |
Connecting to Redis¶
Redis Insight does not pre-register a connection — the operator adds one on first login. Use the in-cluster hostnames from the Redis page:
| Env | Host | Port |
|---|---|---|
| dev | redis-master.data.svc.cluster.local |
6379 |
| prod | prod-redis-master.data.svc.cluster.local |
6379 |
No password — auth.enabled is false on both Redis releases.
Operations¶
- Image bump —
redis/redisinsight:latestfloats. Pin to a digest if you need reproducibility; otherwise expect upstream pushes to roll the pod on next sync. - Reset —
kubectl -n data rollout restart deploy/redisinsight(orprod-redisinsight). Saved connections live in an ephemeral volume and are lost on restart, which is fine — re-add the in-cluster host. - Local-only access —
kubectl -n data port-forward svc/redisinsight 8080:80bypasses oauth2-proxy.