Memorystore Component
The Memorystore component provisions a managed Redis instance for caching and session storage.
Architecture
Resources Created
| Resource | Purpose |
|---|---|
| Redis Instance | Managed Redis cache |
Configuration
# Pulumi.dev.yaml
config:
serko-northsky:cacheMemorySizeGb: "1"
serko-northsky:cacheTier: "BASIC"
serko-northsky:cacheTransitEncryption: "false"
# Pulumi.prod.yaml
config:
serko-northsky:cacheMemorySizeGb: "2"
serko-northsky:cacheTier: "STANDARD_HA"
serko-northsky:cacheTransitEncryption: "true"
Instance Tiers
| Tier | Description | Use Case |
|---|---|---|
BASIC | Single instance | Dev/Test |
STANDARD_HA | High availability with failover | Production |
Environment Sizing
| Environment | Memory | Tier | Transit Encryption |
|---|---|---|---|
| Development | 1 GB | BASIC | Disabled |
| Testing | 1 GB | BASIC | Disabled |
| Production | 2 GB | STANDARD_HA | Enabled |
Features
Redis Version
All environments use Redis 7.0 for latest features:
- Improved memory efficiency
- Client-side caching support
- Function support
Maintenance Window
Scheduled maintenance occurs:
- Day: Sunday
- Time: 03:00-04:00 UTC
Authentication
Redis AUTH is enabled with an auto-generated password stored in Secret Manager.
Outputs
interface MemorystoreOutputs {
instanceId: string;
host: string;
port: number;
authString: string;
}
Connection Details
Connection String Format
redis://:PASSWORD@HOST:6379
From GKE Pods
Applications connect using environment variables from Secret Manager:
env:
- name: REDIS_URL
valueFrom:
secretKeyRef:
name: app-secrets
key: redis-url
Connection Example (Python)
import redis
import os
r = redis.from_url(os.environ['REDIS_URL'])
r.set('key', 'value')
value = r.get('key')
High Availability (Production)
In production, STANDARD_HA tier provides:
- Automatic Failover: Promotes replica on primary failure
- Cross-Zone Replication: Data replicated across zones
- 99.9% SLA: Availability guarantee
Security
- Private Network: No public IP, VPC access only
- AUTH Required: Password authentication enabled
- Transit Encryption: TLS in production
- IAM Integration: Access control via GCP IAM