RedisLabs / redis-enterprise-k8s-docs


[TLS Enabled] Failed to create redis client with endpoint of database if tls enabled #134

Open xwgao opened 4 years ago

xwgao commented 4 years ago

After enabling TLS and selecting "Require TLS for All communications" when creating the database, I failed to create a Redis client with the endpoint shown on the UI (e.g. redis-19137.redis.redis-project.svc.cluster.local:19137) while specifying the proxy certificate as tls.ca in the config.

amiramm commented 4 years ago

Hi @xwgao, there is a known issue around the FQDN in the GUI vs. the K8s FQDN. Please use the following FQDN format: DB_NAME.redis-enterprise.svc.cluster.local (DB_NAME.NAMESPACE.svc.cluster.local). If you need further support, please contact support@redislabs.com

xwgao commented 4 years ago

But the DNS name specified in the proxy CA certificate is redis-enterprise-0.redis-enterprise.{NAMESPACE}.svc.cluster.local. If TLS is enabled and I use the address DB_NAME.NAMESPACE.svc.cluster.local, I get the following error message:

 Host: redis-enterprise-0.redis.svc.cluster.local. is not in the cert's altnames: DNS:redis-enterprise.redis.svc.cluster.local, DNS:*.redis-enterprise.redis.svc.cluster.local

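As an added example, not code from this thread or from the operator: a small Python check that reproduces the SAN hostname matching the client performed when it raised the error above, so an endpoint FQDN can be tested against the certificate's altnames before it is wired into an application. The altnames are the two quoted in the error; the candidate hostnames are constructed from the FQDN forms discussed in the thread, assuming DB name `redis-19137` and namespace `redis`.

```python
import re
from typing import Dict, Iterable, List

# The two SANs exactly as quoted in the error message above.
ALTNAMES_FROM_ERROR = ("DNS:redis-enterprise.redis.svc.cluster.local, "
                       "DNS:*.redis-enterprise.redis.svc.cluster.local")


def parse_altnames(text: str) -> List[str]:
    """Extract the DNS entries from a 'DNS:a, DNS:b' list as printed in the error."""
    return [m.lower() for m in re.findall(r"DNS:([^,\s]+)", text)]


def san_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style match: a wildcard may only stand for the whole leftmost
    label and never spans a dot, so '*.x.y' matches 'a.x.y' but not 'a.b.x.y'."""
    host = hostname.lower().rstrip(".")  # the error prints the host with a trailing dot
    pattern = pattern.lower()
    if not pattern.startswith("*."):
        return host == pattern
    suffix = pattern[1:]  # '.x.y'
    if not host.endswith(suffix):
        return False
    leftmost = host[: -len(suffix)]
    return bool(leftmost) and "." not in leftmost


def hostname_in_sans(hostname: str, sans: Iterable[str]) -> bool:
    """True if any SAN entry covers the hostname."""
    return any(san_matches(san, hostname) for san in sans)


def check_endpoints(candidates: Iterable[str],
                    altnames_text: str = ALTNAMES_FROM_ERROR) -> Dict[str, bool]:
    """Map each candidate endpoint FQDN to whether the certificate would be accepted for it."""
    sans = parse_altnames(altnames_text)
    return {host: hostname_in_sans(host, sans) for host in candidates}


if __name__ == "__main__":
    # Constructed candidates: DB name and namespace are assumptions, not values from the cluster.
    candidates = [
        "redis-enterprise-0.redis.svc.cluster.local.",                 # host from the error
        "redis-19137.redis.svc.cluster.local",                         # DB_NAME.NAMESPACE form
        "redis-enterprise.redis.svc.cluster.local",                    # operator service name
        "redis-enterprise-0.redis-enterprise.redis.svc.cluster.local", # pod behind the service
    ]
    for host, ok in check_endpoints(candidates).items():
        print(f"{'OK ' if ok else 'NO '} {host}")
```

Only the service FQDN and the per-pod name under it are covered by the quoted SANs; the DB_NAME.NAMESPACE form is not, which is the mismatch this thread describes.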
glilililili commented 4 years ago

Also, after cluster recovery, the database's endpoint may bind to another cluster node, and we need to go into the cluster to see which node it is bound to. So is there any guideline to specify the node for the DB endpoint so that it does not change and stays bound to a specific cluster node (replicas > 1)? Thanks.

yuvallevy2 commented 3 years ago

The best way to connect is through K8s services created by the operator.