Comment on page
Configure an external in-memory cache
CARTO Self-Hosted requires Redis (version 6 or above) to work. This Redis instance does not need persistence, as it is used solely as a cache.
Both Single VM deployment and Orchestrated container deployment come already with an internal Redis deployment, but they lack any backups, autoscaling, or monitoring. Cloud vendors already offer Redis deployments at scale as a service:
In this section, you will see how to configure the Self-hosted to use an external Redis provided by your cloud vendor.
- 1.Comment the local Redis configuration:# Configuration for using a local redis, instead of a external one (comment when external redis)- LOCAL_REDIS_SCALE=1- REDIS_HOST=redis- REDIS_PORT=6379- REDIS_TLS_ENABLED=false+ # LOCAL_REDIS_SCALE=1+ # REDIS_HOST=redis+ # REDIS_PORT=6379+ # REDIS_TLS_ENABLED=false
- 2.Uncomment the external Redis configuration:# Your custom configuration for a external redis (comment when local redis)- # LOCAL_REDIS_SCALE=0- # REDIS_HOST=<FILL_ME>- # REDIS_PORT=<FILL_ME>- # REDIS_PASSWORD=<FILL_ME>- # REDIS_TLS_ENABLED=true# Only applies if Redis TLS certificate it's self signed, read the documentation# REDIS_TLS_CA=<FILL_ME>+ LOCAL_REDIS_SCALE=0+ REDIS_HOST=<FILL_ME>+ REDIS_PORT=<FILL_ME>+ REDIS_PASSWORD=<FILL_ME>+ REDIS_TLS_ENABLED=true
- 3.Replace the
<FILL_ME>
placeholders with the right values.
By default, CARTO will try to connect to your Redis without TLS, in case you want to connect via TLS, you can configure it via
REDIS_TLS_ENABLED
env vars in the customer.env file.REDIS_TLS_ENABLED=true
⚠️ In case you are connecting to a Redis instance where the TLS certificate is self signed or from a custom CA you will need to configure theREDIS_TLS_CA
variable
- 1.Copy your CA
.crt
file inside thecerts
folder. Rename the CA.crt
file toredis-tls-ca.crt
. - 2.Uncomment the
REDIS_TLS_CA
env var in the customer.env file.# Only applies if Redis TLS certificate it's selfsigned, read the documentation- # REDIS_TLS_CA=/usr/src/certs/redis-tls-ca.crt+ REDIS_TLS_CA=/usr/src/certs/redis-tls-ca.crt
Manually secrets creation
Automatic secrets creation
- 1.Add the secret:
kubectl create secret generic \
-n <namespace> \
mycarto-custom-redis-secret \
--from-literal=password=<AUTH string password>
- 2.Configure the package:
Add the following lines to your customizations.yaml to connect to the external Redis:
internalRedis:
# Disable the internal Redis
enabled: false
externalRedis:
host: <Redis IP/Hostname>
port: "6379"
existingSecret: "mycarto-custom-redis-secret"
existingSecretPasswordKey: "password"
tlsEnabled: true
# Only applies if your Redis TLS certificate it's self-signed
# tlsCA: |
# -----BEGIN CERTIFICATE-----
# ...
# -----END CERTIFICATE-----
- 1.Add the following lines to your customizations.yaml to connect to the external Redis:
internalRedis:
# Disable the internal Redis
enabled: false
externalRedis:
host: <Redis IP/Hostname>
port: "6379"
password: <Redis password>
tlsEnabled: true
# Only applies if your Redis TLS certificate it's self-signed
# tlsCA: |
# -----BEGIN CERTIFICATE-----
# ...
# -----END CERTIFICATE-----
Note: One kubernetes secret is going to be created automatically during the installation process with theexternalRedis.password
that you set in previous lines.
By default, CARTO will try to connect to your Redis without TLS enabled. In case you want to connect via TLS, you can configure it via the
externalRedis.tlsEnabled
parameter.externalRedis:
...
tlsEnabled: true
In case you are connecting to a Redis where the TLS certificate is selfsigned or from a custom CA you can configure it via the
externalRedis.tlsCA
parameterexternalRedis:
...
tlsEnabled: true
tlsCA: |
# -----BEGIN CERTIFICATE-----
# ...
# -----END CERTIFICATE-----
Last modified 2mo ago