From 4ce82a97cfebc83c2c79e17fd87299da125436d0 Mon Sep 17 00:00:00 2001
From: Floppy Disk
Date: Fri, 13 Dec 2024 15:44:38 +0300
Subject: [PATCH 1/2] Add redis auth
---
 packages/apps/redis/Chart.yaml | 2 +-
 packages/apps/redis/README.md | 1 +
 .../templates/dashboard-resourcemap.yaml | 7 ++++++
 .../apps/redis/templates/redisfailover.yaml | 22 +++++++++++++++++++
 packages/apps/redis/values.schema.json | 5 +++++
 packages/apps/redis/values.yaml | 2 ++
 packages/apps/versions_map | 3 ++-
 7 files changed, 40 insertions(+), 2 deletions(-)
diff --git a/packages/apps/redis/Chart.yaml b/packages/apps/redis/Chart.yaml
index e02eb3d06..f1666ada9 100644
--- a/packages/apps/redis/Chart.yaml
+++ b/packages/apps/redis/Chart.yaml
@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.3.1
+version: 0.4.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/packages/apps/redis/README.md b/packages/apps/redis/README.md
index 4b3c049c4..cc932a05e 100644
--- a/packages/apps/redis/README.md
+++ b/packages/apps/redis/README.md
@@ -19,5 +19,6 @@ Service utilizes the Spotahome Redis Operator for efficient management and orche
 | `size` | Persistent Volume size | `1Gi` |
 | `replicas` | Number of Redis replicas | `2` |
 | `storageClass` | StorageClass used to store the data | `""` |
+| `authEnabled` | Enable password generation | `true` |
diff --git a/packages/apps/redis/templates/dashboard-resourcemap.yaml b/packages/apps/redis/templates/dashboard-resourcemap.yaml
index a0c43508d..45958e8f5 100644
--- a/packages/apps/redis/templates/dashboard-resourcemap.yaml
+++ b/packages/apps/redis/templates/dashboard-resourcemap.yaml
@@ -13,3 +13,10 @@ rules:
 - rfrs-{{ .Release.Name }}
 - "{{ .Release.Name }}-external-lb"
 verbs: ["get", "list", "watch"]
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ resourceNames:
+ - "{{ .Release.Name }}-auth"
+ verbs: ["get", "list", "watch"]
diff --git a/packages/apps/redis/templates/redisfailover.yaml b/packages/apps/redis/templates/redisfailover.yaml
index ca95caa18..b73b054b3 100644
--- a/packages/apps/redis/templates/redisfailover.yaml
+++ b/packages/apps/redis/templates/redisfailover.yaml
@@ -1,3 +1,21 @@
+{{- if .Values.authEnabled }}
+ {{- $existingPassword := lookup "v1" "Secret" .Release.Namespace (printf "%s-auth" .Release.Name) }}
+ {{- $password := randAlphaNum 16 | b64enc }}
+ {{- if $existingPassword }}
+ {{- $password = index $existingPassword.data "password" }}
+ {{- else }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Release.Name }}-auth
+data:
+ password: {{ $password }}
+ {{- end }}
+{{- end }}
+
+---
+
 apiVersion: databases.spotahome.com/v1
 kind: RedisFailover
 metadata:
@@ -52,3 +70,7 @@ spec:
 - appendonly no
 - save ""
 {{- end }}
+ {{- if .Values.authEnabled }}
+ auth:
+ secretPath: {{ .Release.Name }}-auth
+ {{- end }}
diff --git a/packages/apps/redis/values.schema.json b/packages/apps/redis/values.schema.json
index f4fdfb7cd..aa96f2780 100644
--- a/packages/apps/redis/values.schema.json
+++ b/packages/apps/redis/values.schema.json
@@ -21,6 +21,11 @@
 "type": "string",
 "description": "StorageClass used to store the data",
 "default": ""
+ },
+ "authEnabled": {
+ "type": "boolean",
+ "description": "Enable password generation",
+ "default": true
 }
 }
 }
\ No newline at end of file
diff --git a/packages/apps/redis/values.yaml b/packages/apps/redis/values.yaml
index 754f695a2..a330419d6 100644
--- a/packages/apps/redis/values.yaml
+++ b/packages/apps/redis/values.yaml
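Review bot: The secrets rule added to `dashboard-resourcemap.yaml` grants `list` and `watch` on top of `get`, which is more than reading one named Secret needs. With `resourceNames` set, Kubernetes authorises `list`/`watch` only for requests that carry a matching `metadata.name` field selector, so unless the dashboard is known to issue such requests, `verbs: ["get"]` is the least-privilege form. Every subject bound to this Role can now read the Redis password, which deserves a comment above the rule such as `# exposes the generated Redis password to dashboard users`. The Role's metadata and its bindings lie outside the hunk, so who holds it cannot be confirmed from here.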
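Review bot: The `lookup` call added at the top of `redisfailover.yaml` returns an empty result whenever the chart is rendered without cluster access (`helm template`, a client-side `--dry-run`), so on those paths `$existingPassword` is empty and `randAlphaNum` yields a different password on every render. Applying such output would presumably overwrite the stored Secret with a value that running clients do not have. Nothing in the block says so; I would add `{{- /* lookup is empty under helm template / client-side dry-run, so the password is regenerated there */ -}}` above the `lookup` line. PATCH 2/2 keeps the same `lookup` and `randAlphaNum` lines, so the comment applies to that version as well.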
@@ -4,8 +4,10 @@
 ## @param size Persistent Volume size
 ## @param replicas Number of Redis replicas
 ## @param storageClass StorageClass used to store the data
+## @param authEnabled Enable password generation
 ##
 external: false
 size: 1Gi
 replicas: 2
 storageClass: ""
+authEnabled: true
diff --git a/packages/apps/versions_map b/packages/apps/versions_map
index a506edbd2..b313410b7 100644
--- a/packages/apps/versions_map
+++ b/packages/apps/versions_map
@@ -76,7 +76,8 @@ rabbitmq 0.4.3 HEAD
 redis 0.1.1 f642698
 redis 0.2.0 5ca8823
 redis 0.3.0 c07c4bbd
-redis 0.3.1 HEAD
+redis 0.3.1 b7375f73
+redis 0.4.0 HEAD
 tcp-balancer 0.1.0 f642698
 tcp-balancer 0.2.0 HEAD
 tenant 0.1.3 3d1b86c
From 45e1cf56464da2b74e7e2c2f7418d960fe5b4198 Mon Sep 17 00:00:00 2001
From: Floppy Disk
Date: Fri, 13 Dec 2024 16:41:57 +0300
Subject: [PATCH 2/2] fix secret
---
 packages/apps/redis/templates/redisfailover.yaml | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/packages/apps/redis/templates/redisfailover.yaml b/packages/apps/redis/templates/redisfailover.yaml
index b73b054b3..0d7c4e03a 100644
--- a/packages/apps/redis/templates/redisfailover.yaml
+++ b/packages/apps/redis/templates/redisfailover.yaml
@@ -1,9 +1,9 @@
 {{- if .Values.authEnabled }}
 {{- $existingPassword := lookup "v1" "Secret" .Release.Namespace (printf "%s-auth" .Release.Name) }}
- {{- $password := randAlphaNum 16 | b64enc }}
+ {{- $password := randAlphaNum 32 | b64enc }}
 {{- if $existingPassword }}
 {{- $password = index $existingPassword.data "password" }}
- {{- else }}
+ {{- end }}
 ---
 apiVersion: v1
 kind: Secret
@@ -11,7 +11,6 @@ metadata:
 name: {{ .Release.Name }}-auth
 data:
 password: {{ $password }}
- {{- end }}
 {{- end }}
 ---
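Review bot: `authEnabled: true` is added as the default in `values.yaml`, so a release upgraded from 0.3.1 without overriding the value presumably switches to password-protected Redis on that upgrade, and clients that connect without a password would then be rejected. On by default is the safer choice, but the `@param` line says only "Enable password generation" and does not tell an operator where the password is stored. I would extend it to `## @param authEnabled Enable password generation (stored in the "<release>-auth" Secret, key "password"); on by default, existing clients must be given the password`, and carry the same wording into the README row and schema description.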
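Review bot: In the first PATCH 2/2 hunk of `redisfailover.yaml` the Secret is now always rendered, so the result of `index $existingPassword.data "password"` goes straight into `password: {{ $password }}`. If a Secret named `<release>-auth` already exists without a `password` key, that expression yields no value and the manifest would likely carry an empty `password:` instead of the generated one. Guarding the reuse keeps the random value in that case: `{{- if and $existingPassword (hasKey ($existingPassword.data | default dict) "password") }}`. The Secret manifest that consumes `$password` continues into the second hunk.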