This repository has been archived by the owner on Dec 11, 2023. It is now read-only.

[Redis Broker] - Add Certificate Support #129

Open
coding-trees opened this issue Mar 20, 2023 · 3 comments
Labels
enhancement New feature or request help wanted Extra attention is needed

Comments

@coding-trees
Contributor

Hello,

Thanks for creating the redis broker - I was able to get the sample/demo working against a sample redis instance I spun up and things work great. At my company, we are required to use redis with tls and a CA certificate to authenticate, and although I do see that the RedisBroker does support tlsEnabled (https://github.com/triggermesh/triggermesh-core/blob/main/config/300-redisbroker.yaml#L90), I noticed that there's no field to put in the CA certificate.

I would like to request an addition to the RedisBroker that would allow specifying a CA certificate when using RedisBroker - maybe another field that reads from a secret, similar to the password (https://github.com/triggermesh/triggermesh-core/blob/main/config/300-redisbroker.yaml#L78)?

```yaml
cacert:
  description: CACert is the Kubernetes secret containing the server CA cert used to connect to the redis instances.
  type: object
  properties:
    secretKeyRef:
      description: A reference to a Kubernetes Secret object.
      type: object
      properties:
        name:
          type: string
        key:
          type: string
```

Then in the Init (https://github.com/triggermesh/brokers/blob/main/pkg/backend/impl/redis/redis.go#L78) check if it's set and add it if so?

Please forgive me if this has been answered or documented elsewhere, I looked and was not able to find a solution.

Thanks

@odacremolbap
Member

Hi @coding-trees

Thanks for the issue. Yes, that is a pending feature that we left to be asked for on demand.
And you are right on how the implementation should work (that redis.Init() doing the check).

This repo would only provide the binary, being as kubernetes agnostic as possible, so the certificates would be passed either as environment variables or arguments.
Then at triggermesh-core we would add that change you suggest.

We would need to make sure that skip-verify is defaulted to false for both the redis binary here and the controller at triggermesh-core.

I have few cycles to work on this atm, and will gladly find some time maybe by the end of the month.
Since you nailed what needs to be done, if you decide to contribute, we would be delighted and would provide any support you need at our slack.

@odacremolbap odacremolbap added enhancement New feature or request help wanted Extra attention is needed labels Mar 20, 2023
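
The check discussed in the comment above, sketched as an added example that is not part of the thread and is not the brokers repository's code: it builds the client TLS settings from a CA bundle handed in as bytes (for instance read from an environment variable or argument), keeps certificate verification on unless the caller explicitly opts out, and rejects an unparsable bundle instead of falling back to the system roots. The names `redisTLSConfig` and `constructedCA` are hypothetical, and the returned `*tls.Config` is assumed to be handed to whatever TLS option the Redis client exposes.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// redisTLSConfig is a hypothetical helper. caPEM is the CA bundle from an env var or
// argument; a bundle with no usable certificate is an error, never a silent fallback.
func redisTLSConfig(tlsEnabled bool, caPEM []byte, skipVerify bool) (*tls.Config, error) {
	if !tlsEnabled {
		return nil, nil // plaintext connection, no TLS settings
	}
	cfg := &tls.Config{MinVersion: tls.VersionTLS12, InsecureSkipVerify: skipVerify}
	if len(caPEM) == 0 {
		return cfg, nil // nil RootCAs: verify against the host's root set
	}
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(caPEM) {
		return nil, errors.New("CA bundle contains no parsable PEM certificate")
	}
	cfg.RootCAs = pool // trust only the supplied CA for the Redis server
	return cfg, nil
}

// constructedCA returns a throwaway self-signed CA as PEM (constructed sample input).
func constructedCA() []byte {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotAfter: time.Now().Add(time.Hour), IsCA: true, BasicConstraintsValid: true}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	cfg, err := redisTLSConfig(true, constructedCA(), false)
	fmt.Println(cfg.RootCAs != nil, cfg.InsecureSkipVerify, err)
}
```
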
@coding-trees
Contributor Author

Thanks for the clarification @odacremolbap, yeah I can try and give it a shot and see if I can get to it sometime this week.

@coding-trees
Contributor Author

Hi @odacremolbap - thanks for the help with the PRs and getting this change into the main branch. I was wondering when these changes would be part of a new triggermesh-core and brokers release so we can install them.
