OT-CONTAINER-KIT / redis-operator

A Golang-based Redis operator that will make/oversee Redis standalone/cluster/replication/sentinel mode setup on top of Kubernetes.
https://ot-redis-operator.netlify.app/
Apache License 2.0
738 stars 207 forks

Authenticating to ACL configured cluster with redis operator #688

Open diffuse opened 8 months ago

diffuse commented 8 months ago

Describe your question

Installing redis-cluster and configuring ACL, e.g.:

acl:
  secret:
    secretName: acl-secret

correctly sets up ACL, but the redis operator fails to authenticate with NOAUTH Authentication required.

When using redis-cli in this state, after successfully authenticating, I get the error message CLUSTERDOWN Hash slot not served when trying SET foo bar. This behavior is not present (everything works) when ACL is disabled.

How can the operator be configured to successfully authenticate to the cluster?

What version of redis-operator are you using?

redis-operator version: v0.15.1
redis-operator helm chart: v0.15.9
redis-cluster version: v7
redis-cluster image: v7.0.12
redis-cluster helm chart: v0.15.10

Additional context

icanttakeitanymore commented 7 months ago

I suppose CLI commands with ACL enabled in k8sutils/redis.go must pass --user and --pass arguments, but there is no such code in there.

diffuse commented 7 months ago

For further clarification, this behavior is present when using either of the following configurations in the ACL for the default user:

The cluster comes up successfully with the below config, or when the user default line is omitted entirely:

Which seems to further indicate that the password for the default user just needs to be provided to the operator.

Adding the default user's password to the redis-secret also doesn't expose it to the operator.


With this behavior it seems like using an ACL doesn't provide much benefit, since the default user must be given high-level permissions without a password for the operator to work. Is there a known way around this with configuration?

Thanks!
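A check for the condition raised in the last comment, as an added example that is not part of the thread or of the redis-operator code base: it reads the contents of a Redis ACL file and reports whether the default user ends up enabled, passwordless and allowed every command. The names `DefaultUser`, `ParseDefault` and `Open` are hypothetical, the sample line is constructed, and the parser assumes Redis keeps its built-in default user (on, nopass, all commands) when the file has no `user default` line.

```go
package main

import (
	"fmt"
	"strings"
)

// DefaultUser is the subset of ACL state this simplified audit tracks.
type DefaultUser struct{ Enabled, NoPass, AllCommands bool }

// Open reports whether anyone can connect without AUTH and run every command.
func (u DefaultUser) Open() bool { return u.Enabled && u.NoPass && u.AllCommands }

// ParseDefault applies "user default" rules left to right; key, channel and single-command rules are ignored.
func ParseDefault(acl string) DefaultUser {
	// Assumption: with no "user default" line, the built-in default user stays on, nopass, +@all.
	u := DefaultUser{true, true, true}
	for _, line := range strings.Split(acl, "\n") {
		f := strings.Fields(line)
		if len(f) < 2 || f[0] != "user" || f[1] != "default" {
			continue
		}
		u = DefaultUser{} // a user line starts from the reset state: off, no password, no commands
		for _, r := range f[2:] {
			if strings.HasPrefix(r, ">") || strings.HasPrefix(r, "#") {
				r = "resetpass" // adding a password (plain or hashed) clears nopass
			}
			switch r {
			case "on", "off":
				u.Enabled = r == "on"
			case "nopass", "resetpass":
				u.NoPass = r == "nopass"
			case "+@all", "allcommands", "-@all", "nocommands":
				u.AllCommands = r == "+@all" || r == "allcommands"
			case "reset":
				u = DefaultUser{}
			}
		}
	}
	return u
}

func main() {
	acl := "user default on nopass ~* &* +@all" // constructed sample line
	fmt.Println("default user open:", ParseDefault(acl).Open())
}
```

Run against the ACL secret's contents, a `true` result means the ACL is not restricting unauthenticated clients, which is the trade-off the last comment describes.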