Merge pull request #4245 from hhunter-ms/issue_4120

Add EntraID support for Azure Cache for Redis
Hannah Hunter 2024-07-09 15:01:19 -04:00 committed by GitHub
commit 62d706b20b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
5 changed files with 180 additions and 88 deletions

@ -24,6 +24,8 @@ spec:
value: "<address>:6379"
- name: redisPassword
value: "**************"
- name: useEntraID
value: "true"
- name: enableTLS
value: "<bool>"
```
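Review bot: In the added example, `useEntraID` is `"true"` while the `enableTLS` line right below it is still the `"<bool>"` placeholder, yet the field table in this same file says TLS must be enabled before turning this setting on. Show `enableTLS` as `"true"` in this sample, or put a comment on the `useEntraID` line stating the dependency, so a copied component does not end up with Entra ID on and TLS off.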
@ -39,6 +41,7 @@ The above example uses secrets as plain strings. It is recommended to use a secr
| `redisHost` | Y | Output | The Redis host address | `"localhost:6379"` |
| `redisPassword` | Y | Output | The Redis password | `"password"` |
| `redisUsername` | N | Output | Username for Redis host. Defaults to empty. Make sure your redis server version is 6 or above, and have created acl rule correctly. | `"username"` |
| `useEntraID` | N | Output | Implements EntraID support for Azure Cache for Redis. Before enabling this: <ul><li>The `redisHost` name must be specified in the form of `"server:port"`</li><li>TLS must be enabled</li></ul> Learn more about this setting under [Create a Redis instance > Azure Cache for Redis]({{< ref "#create-a-redis-instance" >}}) | `"true"`, `"false"` |
| `enableTLS` | N | Output | If the Redis instance supports TLS with public certificates it can be configured to enable or disable TLS. Defaults to `"false"` | `"true"`, `"false"` |
| `failover` | N | Output | Property to enabled failover configuration. Needs sentinalMasterName to be set. Defaults to `"false"` | `"true"`, `"false"`
| `sentinelMasterName` | N | Output | The sentinel master name. See [Redis Sentinel Documentation](https://redis.io/docs/reference/sentinel-clients/) | `""`, `"127.0.0.1:6379"`
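Review bot: The new `useEntraID` row states no default, unlike the `enableTLS` and `failover` rows right after it, which both say "Defaults to `"false"`". Add the default here as well, and settle on one spelling: this row uses "EntraID" while the setup steps added later in this file also use "Entra ID".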
@ -160,7 +163,7 @@ Dapr can use any Redis instance - containerized, running on your local dev machi
*Note: Dapr does not support Redis >= 7. It is recommended to use Redis 6*
{{< tabs "Self-Hosted" "Kubernetes" "AWS" "GCP" "Azure">}}
{{< tabs "Self-Hosted" "Kubernetes" "AWS" "Azure" "GCP" >}}
{{% codetab %}}
The Dapr CLI will automatically create and setup a Redis Streams instance for you.
@ -203,11 +206,36 @@ You can use [Helm](https://helm.sh/) to quickly create a Redis instance in our K
{{% /codetab %}}
{{% codetab %}}
[GCP Cloud MemoryStore](https://cloud.google.com/memorystore/)
1. [Create an Azure Cache for Redis instance using the official Microsoft documentation.](https://docs.microsoft.com/azure/azure-cache-for-redis/quickstart-create-redis)
1. Once your instance is created, grab the Host name (FQDN) and your access key from the Azure portal.
- For the Host name:
- Navigate to the resource's **Overview** page.
- Copy the **Host name** value.
- For your access key:
- Navigate to **Settings** > **Access Keys**.
- Copy and save your key.
1. Add your key and your host name to a `redis.yaml` file that Dapr can apply to your cluster.
- If you're running a sample, add the host and key to the provided `redis.yaml`.
- If you're creating a project from the ground up, create a `redis.yaml` file as specified in [the Component format section](#component-format).
1. Set the `redisHost` key to `[HOST NAME FROM PREVIOUS STEP]:6379` and the `redisPassword` key to the key you saved earlier.
**Note:** In a production-grade application, follow [secret management]({{< ref component-secrets.md >}}) instructions to securely manage your secrets.
1. Enable EntraID support:
- Enable Entra ID authentication on your Azure Redis server. This may takes a few minutes.
- Set `useEntraID` to `"true"` to implement EntraID support for Azure Cache for Redis.
1. Set `enableTLS` to `"true"` to support TLS.
> **Note:**`useEntraID` assumes that either your UserPrincipal (via AzureCLICredential) or the SystemAssigned managed identity have the RedisDataOwner role permission. If a user-assigned identity is used, [you need to specify the `azureClientID` property]({{< ref "howto-mi.md#set-up-identities-in-your-component" >}}).
{{% /codetab %}}
{{% codetab %}}
[Azure Redis](https://docs.microsoft.com/azure/azure-cache-for-redis/quickstart-create-redis)
[GCP Cloud MemoryStore](https://cloud.google.com/memorystore/)
{{% /codetab %}}
{{< /tabs >}}
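Review bot: Steps 2 to 4 of the new Azure instructions still have the reader copy the access key and store it in `redisPassword`, and step 5 then sets `useEntraID` to `"true"`, with no statement of which credential the component uses when both are present. If the access key is not needed with Entra ID, say so and let readers skip those steps, so a long-lived key is not left in `redis.yaml`; if it is still needed, explain why.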

@ -24,9 +24,10 @@ spec:
value: <address>:6379
- name: redisPassword
value: **************
- name: useEntraID
value: "true"
- name: enableTLS
value: <bool>
```
{{% alert title="Warning" color="warning" %}}
@ -38,32 +39,33 @@ The above example uses secrets as plain strings. It is recommended to use a secr
| Field | Required | Details | Example |
|--------------------|:--------:|---------|---------|
| redisHost | Y | Output | The Redis host address | `"localhost:6379"` |
| redisPassword | Y | Output | The Redis password | `"password"` |
| redisUsername | N | Output | Username for Redis host. Defaults to empty. Make sure your Redis server version is 6 or above, and have created acl rule correctly. | `"username"` |
| enableTLS | N | Output | If the Redis instance supports TLS with public certificates it can be configured to enable or disable TLS. Defaults to `"false"` | `"true"`, `"false"` |
| failover | N | Output | Property to enabled failover configuration. Needs sentinelMasterName to be set. Defaults to `"false"` | `"true"`, `"false"`
| sentinelMasterName | N | Output | The Sentinel master name. See [Redis Sentinel Documentation](https://redis.io/docs/reference/sentinel-clients/) | `""`, `"127.0.0.1:6379"`
| redisType | N | Output | The type of Redis. There are two valid values, one is `"node"` for single node mode, the other is `"cluster"` for Redis cluster mode. Defaults to `"node"`. | `"cluster"`
| redisDB | N | Output | Database selected after connecting to Redis. If `"redisType"` is `"cluster"`, this option is ignored. Defaults to `"0"`. | `"0"`
| redisMaxRetries | N | Output | Maximum number of times to retry commands before giving up. Default is to not retry failed commands. | `"5"`
| redisMinRetryInterval | N | Output | Minimum backoff for Redis commands between each retry. Default is `"8ms"`; `"-1"` disables backoff. | `"8ms"`
| redisMaxRetryInterval | N | Output | Maximum backoff for Redis commands between each retry. Default is `"512ms"`;`"-1"` disables backoff. | `"5s"`
| dialTimeout | N | Output | Dial timeout for establishing new connections. Defaults to `"5s"`. | `"5s"`
| readTimeout | N | Output | Timeout for socket reads. If reached, Redis commands fail with a timeout instead of blocking. Defaults to `"3s"`, `"-1"` for no timeout. | `"3s"`
| writeTimeout | N | Output | Timeout for socket writes. If reached, Redis commands fail with a timeout instead of blocking. Defaults is readTimeout. | `"3s"`
| poolSize | N | Output | Maximum number of socket connections. Default is 10 connections per every CPU as reported by runtime.NumCPU. | `"20"`
| poolTimeout | N | Output | Amount of time client waits for a connection if all connections are busy before returning an error. Default is readTimeout + 1 second. | `"5s"`
| maxConnAge | N | Output | Connection age at which the client retires (closes) the connection. Default is to not close aged connections. | `"30m"`
| minIdleConns | N | Output | Minimum number of idle connections to keep open in order to avoid the performance degradation associated with creating new connections. Defaults to `"0"`. | `"2"`
| idleCheckFrequency | N | Output | Frequency of idle checks made by idle connections reaper. Default is `"1m"`. `"-1"` disables idle connections reaper. | `"-1"`
| idleTimeout | N | Output | Amount of time after which the client closes idle connections. Should be less than server's timeout. Default is `"5m"`. `"-1"` disables idle timeout check. | `"10m"`
| redisHost | Y | The Redis host address | `"localhost:6379"` |
| redisPassword | Y | The Redis password | `"password"` |
| redisUsername | N | Username for Redis host. Defaults to empty. Make sure your Redis server version is 6 or above, and have created acl rule correctly. | `"username"` |
| useEntraID | N | Implements EntraID support for Azure Cache for Redis. Before enabling this: <ul><li>The `redisHost` name must be specified in the form of `"server:port"`</li><li>TLS must be enabled</li></ul> Learn more about this setting under [Create a Redis instance > Azure Cache for Redis]({{< ref "#setup-redis" >}}) | `"true"`, `"false"` |
| enableTLS | N | If the Redis instance supports TLS with public certificates it can be configured to enable or disable TLS. Defaults to `"false"` | `"true"`, `"false"` |
| failover | N | Property to enabled failover configuration. Needs sentinelMasterName to be set. Defaults to `"false"` | `"true"`, `"false"`
| sentinelMasterName | N | The Sentinel master name. See [Redis Sentinel Documentation](https://redis.io/docs/reference/sentinel-clients/) | `""`, `"127.0.0.1:6379"`
| redisType | N | The type of Redis. There are two valid values, one is `"node"` for single node mode, the other is `"cluster"` for Redis cluster mode. Defaults to `"node"`. | `"cluster"`
| redisDB | N | Database selected after connecting to Redis. If `"redisType"` is `"cluster"`, this option is ignored. Defaults to `"0"`. | `"0"`
| redisMaxRetries | N | Maximum number of times to retry commands before giving up. Default is to not retry failed commands. | `"5"`
| redisMinRetryInterval | N | Minimum backoff for Redis commands between each retry. Default is `"8ms"`; `"-1"` disables backoff. | `"8ms"`
| redisMaxRetryInterval | N | Maximum backoff for Redis commands between each retry. Default is `"512ms"`;`"-1"` disables backoff. | `"5s"`
| dialTimeout | N | Dial timeout for establishing new connections. Defaults to `"5s"`. | `"5s"`
| readTimeout | N | Timeout for socket reads. If reached, Redis commands fail with a timeout instead of blocking. Defaults to `"3s"`, `"-1"` for no timeout. | `"3s"`
| writeTimeout | N | Timeout for socket writes. If reached, Redis commands fail with a timeout instead of blocking. Defaults is readTimeout. | `"3s"`
| poolSize | N | Maximum number of socket connections. Default is 10 connections per every CPU as reported by runtime.NumCPU. | `"20"`
| poolTimeout | N | Amount of time client waits for a connection if all connections are busy before returning an error. Default is readTimeout + 1 second. | `"5s"`
| maxConnAge | N | Connection age at which the client retires (closes) the connection. Default is to not close aged connections. | `"30m"`
| minIdleConns | N | Minimum number of idle connections to keep open in order to avoid the performance degradation associated with creating new connections. Defaults to `"0"`. | `"2"`
| idleCheckFrequency | N | Frequency of idle checks made by idle connections reaper. Default is `"1m"`. `"-1"` disables idle connections reaper. | `"-1"`
| idleTimeout | N | Amount of time after which the client closes idle connections. Should be less than server's timeout. Default is `"5m"`. `"-1"` disables idle timeout check. | `"10m"`
## Setup Redis
Dapr can use any Redis instance: containerized, running on your local dev machine, or a managed cloud service.
{{< tabs "Self-Hosted" "Kubernetes" "Azure" "AWS" "GCP" >}}
{{< tabs "Self-Hosted" "Kubernetes" "AWS" "Azure" "GCP" >}}
{{% codetab %}}
A Redis instance is automatically created as a Docker container when you run `dapr init`
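Review bot: The link text in the new `useEntraID` row reads "Create a Redis instance > Azure Cache for Redis", but its target is `#setup-redis` and the heading visible in this hunk is `## Setup Redis`. Make the link text match the heading it points to, so readers can find the section by name as well as by link.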
@ -79,7 +81,7 @@ You can use [Helm](https://helm.sh/) to quickly create a Redis instance in our K
```
2. Run `kubectl get pods` to see the Redis containers now running in your cluster.
3. Add `redis-master:6379` as the `redisHost` in your [redis.yaml](#configuration) file. For example:
3. Add `redis-master:6379` as the `redisHost` in your [redis.yaml](#component-format) file. For example:
```yaml
metadata:
- name: redisHost
@ -90,7 +92,7 @@ You can use [Helm](https://helm.sh/) to quickly create a Redis instance in our K
- **Linux/MacOS**: Run `kubectl get secret --namespace default redis -o jsonpath="{.data.redis-password}" | base64 --decode` and copy the outputted password.
Add this password as the `redisPassword` value in your [redis.yaml](#configuration) file. For example:
Add this password as the `redisPassword` value in your [redis.yaml](#component-format) file. For example:
```yaml
metadata:
- name: redisPassword
@ -99,27 +101,37 @@ You can use [Helm](https://helm.sh/) to quickly create a Redis instance in our K
{{% /codetab %}}
{{% codetab %}}
**Note**: this approach requires having an Azure Subscription.
1. [Start the Azure Cache for Redis creation flow](https://ms.portal.azure.com/#create/Microsoft.Cache). Log in if necessary.
2. Fill out necessary information and **check the "Unblock port 6379" box**, which will allow us to persist state without SSL.
3. Click "Create" to kickoff deployment of your Redis instance.
4. Once your instance is created, you'll need to grab the Host name (FQDN) and your access key:
- For the Host name: navigate to the resource's "Overview" and copy "Host name".
- For your access key: navigate to "Settings" > "Access Keys" to copy and save your key.
5. Add your key and your host to a `redis.yaml` file that Dapr can apply to your cluster.
- If you're running a sample, add the host and key to the provided `redis.yaml`.
- If you're creating a project from the ground up, create a `redis.yaml` file as specified in [Configuration](#configuration).
Set the `redisHost` key to `[HOST NAME FROM PREVIOUS STEP]:6379` and the `redisPassword` key to the key you saved earlier.
**Note:** In a production-grade application, follow [secret management]({{< ref component-secrets.md >}}) instructions to securely manage your secrets.
> **NOTE:** Dapr pub/sub uses [Redis Streams](https://redis.io/topics/streams-intro) that was introduced by Redis 5.0, which isn't currently available on Azure Managed Redis Cache. Consequently, you can use Azure Managed Redis Cache only for state persistence.
[AWS Redis](https://aws.amazon.com/redis/)
{{% /codetab %}}
{{% codetab %}}
[AWS Redis](https://aws.amazon.com/redis/)
1. [Create an Azure Cache for Redis instance using the official Microsoft documentation.](https://docs.microsoft.com/azure/azure-cache-for-redis/quickstart-create-redis)
1. Once your instance is created, grab the Host name (FQDN) and your access key from the Azure portal.
- For the Host name:
- Navigate to the resource's **Overview** page.
- Copy the **Host name** value.
- For your access key:
- Navigate to **Settings** > **Access Keys**.
- Copy and save your key.
1. Add your key and your host name to a `redis.yaml` file that Dapr can apply to your cluster.
- If you're running a sample, add the host and key to the provided `redis.yaml`.
- If you're creating a project from the ground up, create a `redis.yaml` file as specified in [the Component format section](#component-format).
1. Set the `redisHost` key to `[HOST NAME FROM PREVIOUS STEP]:6379` and the `redisPassword` key to the key you saved earlier.
**Note:** In a production-grade application, follow [secret management]({{< ref component-secrets.md >}}) instructions to securely manage your secrets.
1. Enable EntraID support:
- Enable Entra ID authentication on your Azure Redis server. This may takes a few minutes.
- Set `useEntraID` to `"true"` to implement EntraID support for Azure Cache for Redis.
1. Set `enableTLS` to `"true"` to support TLS.
> **Note:**`useEntraID` assumes that either your UserPrincipal (via AzureCLICredential) or the SystemAssigned managed identity have the RedisDataOwner role permission. If a user-assigned identity is used, [you need to specify the `azureClientID` property]({{< ref "howto-mi.md#set-up-identities-in-your-component" >}}).
{{% /codetab %}}
{{% codetab %}}
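Review bot: The new step 4 keeps `redisHost` at `[HOST NAME FROM PREVIOUS STEP]:6379`, but the removed step 2 described 6379 as the port to unblock in order to "persist state without SSL", and the new final step requires `enableTLS` set to `"true"`. Confirm which port readers should use once TLS is on and update the `redisHost` value in step 4 if it differs; as written, the steps pair the port the old text tied to non-SSL access with a mandatory TLS setting.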

@ -22,6 +22,8 @@ spec:
value: <HOST>
- name: redisPassword
value: <PASSWORD>
- name: useEntraID
value: <bool> # Optional. Allowed: true, false.
- name: enableTLS
value: <bool> # Optional. Allowed: true, false.
- name: failover
@ -82,6 +84,7 @@ The above example uses secrets as plain strings. It is recommended to use a secr
| redisHost | Y | Connection-string for the redis host | `localhost:6379`, `redis-master.default.svc.cluster.local:6379`
| redisPassword | Y | Password for Redis host. No Default. Can be `secretKeyRef` to use a secret reference | `""`, `"KeFg23!"`
| redisUsername | N | Username for Redis host. Defaults to empty. Make sure your redis server version is 6 or above, and have created acl rule correctly. | `""`, `"default"`
| useEntraID | N | Implements EntraID support for Azure Cache for Redis. Before enabling this: <ul><li>The `redisHost` name must be specified in the form of `"server:port"`</li><li>TLS must be enabled</li></ul> Learn more about this setting under [Create a Redis instance > Azure Cache for Redis]({{< ref "#setup-redis" >}}) | `"true"`, `"false"` |
| enableTLS | N | If the Redis instance supports TLS with public certificates, can be configured to be enabled or disabled. Defaults to `"false"` | `"true"`, `"false"`
| maxRetries | N | Maximum number of retries before giving up. Defaults to `3` | `5`, `10`
| maxRetryBackoff | N | Maximum backoff between each retry. Defaults to `2` seconds; `"-1"` disables backoff. | `3000000000`
@ -108,7 +111,7 @@ The above example uses secrets as plain strings. It is recommended to use a secr
Dapr can use any Redis instance: containerized, running on your local dev machine, or a managed cloud service.
{{< tabs "Self-Hosted" "Kubernetes" "Azure" "AWS" "GCP" >}}
{{< tabs "Self-Hosted" "Kubernetes" "AWS" "Azure" "GCP" >}}
{{% codetab %}}
A Redis instance is automatically created as a Docker container when you run `dapr init`
@ -124,7 +127,7 @@ You can use [Helm](https://helm.sh/) to quickly create a Redis instance in our K
```
2. Run `kubectl get pods` to see the Redis containers now running in your cluster.
3. Add `redis-master:6379` as the `redisHost` in your [redis.yaml](#configuration) file. For example:
3. Add `redis-master:6379` as the `redisHost` in your [redis.yaml](#component-format) file. For example:
```yaml
metadata:
- name: redisHost
@ -135,7 +138,7 @@ You can use [Helm](https://helm.sh/) to quickly create a Redis instance in our K
- **Linux/MacOS**: Run `kubectl get secret --namespace default redis -o jsonpath="{.data.redis-password}" | base64 --decode` and copy the outputted password.
Add this password as the `redisPassword` value in your [redis.yaml](#configuration) file. For example:
Add this password as the `redisPassword` value in your [redis.yaml](#component-format) file. For example:
```yaml
metadata:
- name: redisPassword
@ -144,27 +147,36 @@ You can use [Helm](https://helm.sh/) to quickly create a Redis instance in our K
{{% /codetab %}}
{{% codetab %}}
**Note**: this approach requires having an Azure Subscription.
1. [Start the Azure Cache for Redis creation flow](https://ms.portal.azure.com/#create/Microsoft.Cache). Log in if necessary.
2. Fill out necessary information and **check the "Unblock port 6379" box**, which will allow us to persist state without SSL.
3. Click "Create" to kickoff deployment of your Redis instance.
4. Once your instance is created, you'll need to grab the Host name (FQDN) and your access key:
- For the Host name: navigate to the resource's "Overview" and copy "Host name".
- For your access key: navigate to "Settings" > "Access Keys" to copy and save your key.
5. Add your key and your host to a `redis.yaml` file that Dapr can apply to your cluster.
- If you're running a sample, add the host and key to the provided `redis.yaml`.
- If you're creating a project from the ground up, create a `redis.yaml` file as specified in [Configuration](#configuration).
Set the `redisHost` key to `[HOST NAME FROM PREVIOUS STEP]:6379` and the `redisPassword` key to the key you saved earlier.
**Note:** In a production-grade application, follow [secret management]({{< ref component-secrets.md >}}) instructions to securely manage your secrets.
> **NOTE:** Dapr pub/sub uses [Redis Streams](https://redis.io/topics/streams-intro) that was introduced by Redis 5.0, which isn't currently available on Azure Managed Redis Cache. Consequently, you can use Azure Managed Redis Cache only for state persistence.
[AWS Redis](https://aws.amazon.com/redis/)
{{% /codetab %}}
{{% codetab %}}
[AWS Redis](https://aws.amazon.com/redis/)
1. [Create an Azure Cache for Redis instance using the official Microsoft documentation.](https://docs.microsoft.com/azure/azure-cache-for-redis/quickstart-create-redis)
1. Once your instance is created, grab the Host name (FQDN) and your access key from the Azure portal.
- For the Host name:
- Navigate to the resource's **Overview** page.
- Copy the **Host name** value.
- For your access key:
- Navigate to **Settings** > **Access Keys**.
- Copy and save your key.
1. Add your key and your host name to a `redis.yaml` file that Dapr can apply to your cluster.
- If you're running a sample, add the host and key to the provided `redis.yaml`.
- If you're creating a project from the ground up, create a `redis.yaml` file as specified in [the Component format section](#component-format).
1. Set the `redisHost` key to `[HOST NAME FROM PREVIOUS STEP]:6379` and the `redisPassword` key to the key you saved earlier.
**Note:** In a production-grade application, follow [secret management]({{< ref component-secrets.md >}}) instructions to securely manage your secrets.
1. Enable EntraID support:
- Enable Entra ID authentication on your Azure Redis server. This may takes a few minutes.
- Set `useEntraID` to `"true"` to implement EntraID support for Azure Cache for Redis.
1. Set `enableTLS` to `"true"` to support TLS.
> **Note:**`useEntraID` assumes that either your UserPrincipal (via AzureCLICredential) or the SystemAssigned managed identity have the RedisDataOwner role permission. If a user-assigned identity is used, [you need to specify the `azureClientID` property]({{< ref "howto-mi.md#set-up-identities-in-your-component" >}}).
{{% /codetab %}}
{{% codetab %}}
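Review bot: The closing note of the new Azure steps requires the `RedisDataOwner` role for the user principal or system-assigned managed identity without saying whether a narrower role is enough for this component. State the minimum role the component actually needs so readers can apply least privilege. In the same note, add a space after `**Note:**` and change "have" to "has".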

@ -26,6 +26,8 @@ spec:
value: "KeFg23!"
- name: consumerID
value: "channel1"
- name: useEntraID
value: "true"
- name: enableTLS
value: "false"
```
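Review bot: The added `useEntraID` value of `"true"` sits directly above `enableTLS` set to `"false"`, which contradicts the requirement in this file's field table that TLS must be enabled before enabling this setting. Change `enableTLS` to `"true"` in this sample or leave `useEntraID` out of it. The sample also keeps the plain-text `redisPassword` value `"KeFg23!"`, so a comment on which credential applies when both are set would help.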
@ -42,6 +44,7 @@ The above example uses secrets as plain strings. It is recommended to use a secr
| redisPassword | Y | Password for Redis host. No Default. Can be `secretKeyRef` to use a secret reference | `""`, `"KeFg23!"`
| redisUsername | N | Username for Redis host. Defaults to empty. Make sure your redis server version is 6 or above, and have created acl rule correctly. | `""`, `"default"`
| consumerID | N | The consumer group ID. | Can be set to string value (such as `"channel1"` in the example above) or string format value (such as `"{podName}"`, etc.). [See all of template tags you can use in your component metadata.]({{< ref "component-schema.md#templated-metadata-values" >}})
| useEntraID | N | Implements EntraID support for Azure Cache for Redis. Before enabling this: <ul><li>The `redisHost` name must be specified in the form of `"server:port"`</li><li>TLS must be enabled</li></ul> Learn more about this setting under [Create a Redis instance > Azure Cache for Redis]({{< ref "#setup-redis" >}}) | `"true"`, `"false"` |
| enableTLS | N | If the Redis instance supports TLS with public certificates, can be configured to be enabled or disabled. Defaults to `"false"` | `"true"`, `"false"`
| redeliverInterval | N | The interval between checking for pending messages to redeliver. Can use either be Go duration string (for example "ms", "s", "m") or milliseconds number. Defaults to `"60s"`. `"0"` disables redelivery. | `"30s"`, `"5000"`
| processingTimeout | N | The amount time that a message must be pending before attempting to redeliver it. Can use either be Go duration string ( for example "ms", "s", "m") or milliseconds number. Defaults to `"15s"`. `"0"` disables redelivery. | `"60s"`, `"600000"`
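Review bot: The `useEntraID` row here links to `#setup-redis`, while the same row in the first file of this commit, whose setup section opens with the same "The Dapr CLI will automatically create and setup a Redis Streams instance for you." text, links to `#create-a-redis-instance`. Check which heading this page actually has and use its anchor, since one of the two targets is likely wrong.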
@ -69,7 +72,7 @@ The above example uses secrets as plain strings. It is recommended to use a secr
Dapr can use any Redis instance - containerized, running on your local dev machine, or a managed cloud service, provided the version of Redis is 5.x or 6.x.
{{< tabs "Self-Hosted" "Kubernetes" "AWS" "GCP" "Azure">}}
{{< tabs "Self-Hosted" "Kubernetes" "AWS" "Azure" "GCP" >}}
{{% codetab %}}
The Dapr CLI will automatically create and setup a Redis Streams instance for you.
@ -112,11 +115,36 @@ You can use [Helm](https://helm.sh/) to quickly create a Redis instance in our K
{{% /codetab %}}
{{% codetab %}}
[GCP Cloud MemoryStore](https://cloud.google.com/memorystore/)
1. [Create an Azure Cache for Redis instance using the official Microsoft documentation.](https://docs.microsoft.com/azure/azure-cache-for-redis/quickstart-create-redis)
1. Once your instance is created, grab the Host name (FQDN) and your access key from the Azure portal.
- For the Host name:
- Navigate to the resource's **Overview** page.
- Copy the **Host name** value.
- For your access key:
- Navigate to **Settings** > **Access Keys**.
- Copy and save your key.
1. Add your key and your host name to a `redis.yaml` file that Dapr can apply to your cluster.
- If you're running a sample, add the host and key to the provided `redis.yaml`.
- If you're creating a project from the ground up, create a `redis.yaml` file as specified in [the Component format section](#component-format).
1. Set the `redisHost` key to `[HOST NAME FROM PREVIOUS STEP]:6379` and the `redisPassword` key to the key you saved earlier.
**Note:** In a production-grade application, follow [secret management]({{< ref component-secrets.md >}}) instructions to securely manage your secrets.
1. Enable EntraID support:
- Enable Entra ID authentication on your Azure Redis server. This may takes a few minutes.
- Set `useEntraID` to `"true"` to implement EntraID support for Azure Cache for Redis.
1. Set `enableTLS` to `"true"` to support TLS.
> **Note:**`useEntraID` assumes that either your UserPrincipal (via AzureCLICredential) or the SystemAssigned managed identity have the RedisDataOwner role permission. If a user-assigned identity is used, [you need to specify the `azureClientID` property]({{< ref "howto-mi.md#set-up-identities-in-your-component" >}}).
{{% /codetab %}}
{{% codetab %}}
[Azure Redis](https://docs.microsoft.com/azure/azure-cache-for-redis/quickstart-create-redis)
[GCP Cloud MemoryStore](https://cloud.google.com/memorystore/)
{{% /codetab %}}
{{< /tabs >}}
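Review bot: Two wording slips in the added Azure steps: step 5 reads "This may takes a few minutes" (should be "may take"), and the closing note has no space between `**Note:**` and `useEntraID`. The same text is repeated in the other four files of this commit, so fix all copies together.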

@ -28,6 +28,8 @@ spec:
value: <HOST>
- name: redisPassword
value: <PASSWORD>
- name: useEntraID
value: <bool> # Optional. Allowed: true, false.
- name: enableTLS
value: <bool> # Optional. Allowed: true, false.
- name: maxRetries
@ -98,6 +100,7 @@ If you wish to use Redis as an actor store, append the following to the yaml.
| redisHost | Y | Connection-string for the redis host | `localhost:6379`, `redis-master.default.svc.cluster.local:6379`
| redisPassword | Y | Password for Redis host. No Default. Can be `secretKeyRef` to use a secret reference | `""`, `"KeFg23!"`
| redisUsername | N | Username for Redis host. Defaults to empty. Make sure your redis server version is 6 or above, and have created acl rule correctly. | `""`, `"default"`
| useEntraID | N | Implements EntraID support for Azure Cache for Redis. Before enabling this: <ul><li>The `redisHost` name must be specified in the form of `"server:port"`</li><li>TLS must be enabled</li></ul> Learn more about this setting under [Create a Redis instance > Azure Cache for Redis]({{< ref "#setup-redis" >}}) | `"true"`, `"false"` |
| enableTLS | N | If the Redis instance supports TLS with public certificates, can be configured to be enabled or disabled. Defaults to `"false"` | `"true"`, `"false"`
| maxRetries | N | Maximum number of retries before giving up. Defaults to `3` | `5`, `10`
| maxRetryBackoff | N | Maximum backoff between each retry. Defaults to `2` seconds; `"-1"` disables backoff. | `3000000000`
@ -127,7 +130,7 @@ If you wish to use Redis as an actor store, append the following to the yaml.
Dapr can use any Redis instance: containerized, running on your local dev machine, or a managed cloud service.
{{< tabs "Self-Hosted" "Kubernetes" "Azure" "AWS" "GCP" >}}
{{< tabs "Self-Hosted" "Kubernetes" "AWS" "Azure" "GCP" >}}
{{% codetab %}}
A Redis instance is automatically created as a Docker container when you run `dapr init`
@ -163,27 +166,36 @@ You can use [Helm](https://helm.sh/) to quickly create a Redis instance in our K
{{% /codetab %}}
{{% codetab %}}
**Note**: this approach requires having an Azure Subscription.
1. [Start the Azure Cache for Redis creation flow](https://ms.portal.azure.com/#create/Microsoft.Cache). Log in if necessary.
2. Fill out necessary information and **check the "Unblock port 6379" box**, which will allow us to persist state without SSL.
3. Click "Create" to kickoff deployment of your Redis instance.
4. Once your instance is created, you'll need to grab the Host name (FQDN) and your access key:
- For the Host name: navigate to the resource's "Overview" and copy "Host name".
- For your access key: navigate to "Settings" > "Access Keys" to copy and save your key.
5. Add your key and your host to a `redis.yaml` file that Dapr can apply to your cluster.
- If you're running a sample, add the host and key to the provided `redis.yaml`.
- If you're creating a project from the ground up, create a `redis.yaml` file as specified in [Configuration](#configuration).
Set the `redisHost` key to `[HOST NAME FROM PREVIOUS STEP]:6379` and the `redisPassword` key to the key you saved earlier.
**Note:** In a production-grade application, follow [secret management]({{< ref component-secrets.md >}}) instructions to securely manage your secrets.
> **NOTE:** Dapr pub/sub uses [Redis Streams](https://redis.io/topics/streams-intro) that was introduced by Redis 5.0, which isn't currently available on Azure Managed Redis Cache. Consequently, you can use Azure Managed Redis Cache only for state persistence.
[AWS Redis](https://aws.amazon.com/redis/)
{{% /codetab %}}
{{% codetab %}}
[AWS Redis](https://aws.amazon.com/redis/)
1. [Create an Azure Cache for Redis instance using the official Microsoft documentation.](https://docs.microsoft.com/azure/azure-cache-for-redis/quickstart-create-redis)
1. Once your instance is created, grab the Host name (FQDN) and your access key from the Azure portal.
- For the Host name:
- Navigate to the resource's **Overview** page.
- Copy the **Host name** value.
- For your access key:
- Navigate to **Settings** > **Access Keys**.
- Copy and save your key.
1. Add your key and your host name to a `redis.yaml` file that Dapr can apply to your cluster.
- If you're running a sample, add the host and key to the provided `redis.yaml`.
- If you're creating a project from the ground up, create a `redis.yaml` file as specified in [the Component format section](#component-format).
1. Set the `redisHost` key to `[HOST NAME FROM PREVIOUS STEP]:6379` and the `redisPassword` key to the key you saved earlier.
**Note:** In a production-grade application, follow [secret management]({{< ref component-secrets.md >}}) instructions to securely manage your secrets.
1. Enable EntraID support:
- Enable Entra ID authentication on your Azure Redis server. This may takes a few minutes.
- Set `useEntraID` to `"true"` to implement EntraID support for Azure Cache for Redis.
1. Set `enableTLS` to `"true"` to support TLS.
> **Note:**`useEntraID` assumes that either your UserPrincipal (via AzureCLICredential) or the SystemAssigned managed identity have the RedisDataOwner role permission. If a user-assigned identity is used, [you need to specify the `azureClientID` property]({{< ref "howto-mi.md#set-up-identities-in-your-component" >}}).
{{% /codetab %}}
{{% codetab %}}
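Review bot: The closing note tells readers with a user-assigned identity to set the `azureClientID` property, but the hunks in this file add only `useEntraID` to the component example and to the field table. Add `azureClientID` to both, or state in the note that it is documented only on the linked page, so the field can be found from this page.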