Open diffuse opened 8 months ago
i suppose cli commands with acl enabled in k8sutils/redis.go must pass --user and --pass arguments, but there is no such code in there
For further clarification, this behavior is present when using either of the following configurations in the ACL for the default user:
user default off
user default on ~* &* +@all >password
(where password is any password)The cluster comes up successfully with the below config, or when the user default
line is omitted entirely:
user default on nopass ~* &* +@all
Which seems to further indicate that the password for the default user just needs to be provided to the operator.
Adding the default user's password to the redis-secret
also doesn't expose it to the operator.
With this behavior it seems like using an ACL doesn't provide much benefit, since the default user must be given high level permissions without a password for the operator to work. Is there a known way around this with configuration?
Thanks!
Describe your question
Installing redis-cluster and configuring ACL, e.g.:
correctly sets up ACL, but the redis operator fails to authenticate with
NOAUTH Authentication required
.When using
redis-cli
in this state, after successfully authenticating, I get the error messageCLUSTERDOWN Hash slot not served
when tryingSET foo bar
. This behavior is not present (everything works) when ACL is disabled.How can the operator be configured to successfully authenticate to the cluster?
What version of redis-operator are you using?
redis-operator version: v0.15.1 redis-operator helm chart: v0.15.9 redis-cluster version: v7 redis-cluster image: v7.0.12 redis-cluster helm chart: v0.15.10
Additional context