Redis Configuration

If you are planning to run ITX Runtime Server instances in fenced mode (which includes the V2 mode) or run maps asynchronously, you must install Redis prior to installing ITX Runtime Server.

A Redis server installation is not included and must be obtained separately. Ensure that the Redis server which you install comes from a reputable source that you trust. Redis server version 7.0.11 was validated with this version of ITX Runtime Server. This version or later is the recommended version to use. Older Redis server versions may not function as expected when combined with this product and may need to be upgraded before they can be used.

The installed Redis server must be accessible to all ITX Runtime Server pods, at the same host URL and port, which means it must be accessible to all worker nodes to which ITX Runtime Server pods are deployed.

If the selected Redis server installation requires a password for authentication, you must create a Kubernetes Secret object with the password to use for connecting to Redis. The name of the secret is given by itxRedis.password.secret. The key within the secret which contains the password is given by itxRedis.password.key. See the documentation of your Kubernetes platform for information on creating Secret objects and configuring secure cluster secret storage.

Communication with a Redis server which uses TLS is supported. Both mutual and non-mutual TLS are supported. TLS is enabled by setting itxRedis.tls.enabled to true. The configuration of the external Redis server determines if mutual authentication is required.

For non-mutual and mutual TLS, a Kubernetes ConfigMap must be used to provide the trust store that is used by the ITX Redis clients to authenticate the Redis server. The name of the ConfigMap is given by itxRedis.tls.clientCaConfigMap. The key within the ConfigMap which provides a PEM trust store is given by itxRedis.tls.certCAFilename. See the documentation of your Kubernetes platform for information on creating ConfigMap objects.

For mutual TLS, a Kubernetes Secret must be used to provide a client certificate and private key. The name of the Secret is given by itxRedis.tls.clientSecret. The key which provides the client certificate PEM file is given by itxRedis.tls.certFilename. The key which provides the client private key PEM file is given by itxRedis.tls.certKeyFilename.