search

solo-io / gloo

The Feature-rich, Kubernetes-native, Next-Generation API Gateway Built on Envoy
https://docs.solo.io/
Apache License 2.0
4.07k stars 436 forks source link

Provide helm value for Redis password when using redis.disabled=true #5879

Open byrdog55 opened 2 years ago

byrdog55 commented 2 years ago

Version

1.10.x (latest stable)

Is your feature request related to a problem? Please describe.

When I deploy edge with redis.disabled=true and global.extensions.glooRedis.enableAcl=true an opaque secret named redis is created with users.acl and redis-passwords fields Both need to be patched in order to use an external redis service because currently the password is generated with {{- $redisPassword = randAlphaNum 64 }}

Describe the solution you'd like

I would like to provide the password for the external redis service.

redis: disabled: false service: name: edge-ratelimit.redis.cache.windows.net port: 6379 password: myredispassword

Describe alternatives you've considered

We can patch the helm deployed secret with the external service's password kubectl patch secret redis -n gloo-system --type=json -p "[{"op" : "replace" ,"path" : "/data/redis-password" ,"value" : "$REDIS_PASSWORD"}]"

kubectl patch secret redis -n gloo-system --type=json -p "[{"op" : "replace" ,"path" : "/data/users.acl " ,"value" : "user default +@all allkeys on >$REDIS_PASSWORD"}]"

Additional Context

kubeResourceOverrides can not be used in this case.

bcollard commented 2 years ago

also, it would be nice to use a declarative approach to provide a k8s secret containing the Redis password, without Helm doing a lookup on the k8s API.

tricky42 commented 2 years ago

also, it would be nice to use a declarative approach to provide a k8s secret containing the Redis password, without Helm doing a lookup on the k8s API.

This can already be achieved as customEnv is working again. This is the config we use: customEnv:

            - name: REDIS_ENDPOINT
              valueFrom:
                secretKeyRef:
                  name: redis-credentials
                  key: endpoint
            - name: REDIS_PORT
              valueFrom:
                secretKeyRef:
                  name: redis-credentials
                  key: port
            - name: REDIS_URL
              value: "$(REDIS_ENDPOINT):$(REDIS_PORT)"
            - name: REDIS_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: redis-credentials
                  key: password
github-actions[bot] commented 3 months ago

This issue has been marked as stale because of no activity in the last 180 days. It will be closed in the next 180 days unless it is tagged "no stalebot" or other activity occurs.

anessi commented 3 months ago

This is still an issue. Would be nice to get support for this using simple helm values and without using customEnv and the K8S lookup.