RedisInsight
Redis admin UI — raw manifests, exposed via the edge HAProxy.
Quick facts
What it is
Used for ad-hoc Redis inspection during demos and incident response. Authenticates against the in-cluster Redis Sentinel-managed primary.
Architecture
Single-replica Deployment per cluster, raw manifests (no Helm chart). PVC for the persistent settings/connection store (so saved DB connections survive pod restarts). nginx-ingress at the cluster level + Let's Encrypt cert via cert-manager + DNS-01.
A bootstrap Job auto-creates the Redis connection in RedisInsight on first deploy via its REST API (POST /api/databases), so you don't have to click through the UI. The Job is annotated as a PostSync hook so it runs after Argo materialises the deployment.
Configuration
Source: clusters/<cluster>/manifests/redisinsight/ — Namespace + Deployment + Service + Ingress + Certificate + PVC + bootstrap Job + ConfigMap.
Connection profile (added by the bootstrap Job): host rfs-redis.redis.svc.cluster.local (Sentinel-aware, port 26379), master name redis-master, no auth (matches the RedisFailover CR).
Operations
- UI:
https://redisinsight.apps.sub.comptech-lab.comon whichever cluster is fronted (each cluster has its own; via wildcard DNS + edge HAProxy SNI default to RKE2 ingress). - Reset settings:
kubectl -n redisinsight delete pvc redisinsight+ restart pod — bootstrap Job will re-add the default connection. - Smoke test:
curl -k https://redisinsight.apps.sub.comptech-lab.com/api/health→ 200.
Failover
Each cluster has its own. There's no edge HAProxy redisinsight-rke2-be wired today — the DNS wildcard + HAProxy SNI default forward to whichever cluster's ingress responds. With both clusters running, DC's takes the wildcard match. If DC's pod fails, the SNI doesn't auto-fail over to DR (no backup backend wired). Wiring is on the Plan-09 list.
References
- Redis — the inspected data plane
- Redis operator — Sentinel topology that RedisInsight talks to
- RedisInsight upstream docs