Open byrdog55 opened 2 years ago
also, it would be nice to use a declarative approach to provide a k8s secret containing the Redis password, without Helm doing a lookup on the k8s API.
also, it would be nice to use a declarative approach to provide a k8s secret containing the Redis password, without Helm doing a lookup on the k8s API.
This can already be achieved as customEnv is working again. This is the config we use: customEnv:
- name: REDIS_ENDPOINT
valueFrom:
secretKeyRef:
name: redis-credentials
key: endpoint
- name: REDIS_PORT
valueFrom:
secretKeyRef:
name: redis-credentials
key: port
- name: REDIS_URL
value: "$(REDIS_ENDPOINT):$(REDIS_PORT)"
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: redis-credentials
key: password
This issue has been marked as stale because of no activity in the last 180 days. It will be closed in the next 180 days unless it is tagged "no stalebot" or other activity occurs.
This is still an issue. Would be nice to get support for this using simple helm values and without using customEnv
and the K8S lookup.
Version
1.10.x (latest stable)
Is your feature request related to a problem? Please describe.
When I deploy edge with
redis.disabled=true
andglobal.extensions.glooRedis.enableAcl=true
an opaque secret named redis is created with users.acl and redis-passwords fields Both need to be patched in order to use an external redis service because currently the password is generated with{{- $redisPassword = randAlphaNum 64 }}
Describe the solution you'd like
I would like to provide the password for the external redis service.
redis: disabled: false service: name: edge-ratelimit.redis.cache.windows.net port: 6379 password: myredispassword
Describe alternatives you've considered
We can patch the helm deployed secret with the external service's password
kubectl patch secret redis -n gloo-system --type=json -p "[{"op" : "replace" ,"path" : "/data/redis-password" ,"value" : "$REDIS_PASSWORD"}]"
kubectl patch secret redis -n gloo-system --type=json -p "[{"op" : "replace" ,"path" : "/data/users.acl " ,"value" : "user default +@all allkeys on >$REDIS_PASSWORD"}]"
Additional Context
kubeResourceOverrides can not be used in this case.