chore: add redis custom secret password support to v09x (#1406)

apecloud · Jan 14, 2025 · 6f3dcef · 6f3dcef
1 parent 2b92ff0
commit 6f3dcef
Show file tree

Hide file tree

Showing 3 changed files with 81 additions and 1 deletion.
diff --git a/addons-cluster/redis-cluster/templates/_helpers.tpl b/addons-cluster/redis-cluster/templates/_helpers.tpl
@@ -24,14 +24,22 @@ Define redis cluster shardingSpec with ComponentDefinition.
     - name: HOST_NETWORK_ENABLED
       value: "true"
     {{- end }}
+    serviceAccountName: {{ include "kblib.serviceAccountName" . }}
+    serviceVersion: {{ .Values.version }}
     systemAccounts:
     - name: default
+      {{- if and .Values.redisCluster.customSecretName .Values.redisCluster.customSecretNamespace }}
+      secretRef:
+        name: {{ .Values.redisCluster.customSecretName }}
+        namespace: {{ .Values.redisCluster.customSecretNamespace }}
+      {{- else }}
       passwordConfig:
         length: 10
         numDigits: 5
         numSymbols: 0
         letterCase: MixedCases
         seed: {{ include "kblib.clusterName" . }}
+      {{- end }}
     resources:
       limits:
         cpu: {{ .Values.cpu | quote }}
@@ -75,6 +83,14 @@ Define redis ComponentSpec with ComponentDefinition.
   enabledLogs:
     - running
   serviceAccountName: {{ include "kblib.serviceAccountName" . }}
+  serviceVersion: {{ .Values.version }}
+  {{- if and .Values.customSecretName .Values.customSecretNamespace }}
+  systemAccounts:
+    - name: default
+      secretRef:
+        name: {{ .Values.customSecretName }}
+        namespace: {{ .Values.customSecretNamespace }}
+  {{- end }}
   switchPolicy:
     type: Noop
   {{- include "kblib.componentResources" . | indent 2 }}
@@ -103,6 +119,15 @@ Define redis sentinel ComponentSpec with ComponentDefinition.
   - name: HOST_NETWORK_ENABLED
     value: "true"
   {{- end }}
+  serviceAccountName: {{ include "kblib.serviceAccountName" . }}
+  serviceVersion: {{ .Values.version }}
+  {{- if and .Values.sentinel.customSecretName .Values.sentinel.customSecretNamespace }}
+  systemAccounts:
+    - name: default
+      secretRef:
+        name: {{ .Values.sentinel.customSecretName }}
+        namespace: {{ .Values.sentinel.customSecretNamespace }}
+  {{- end }}
   resources:
     limits:
       cpu: {{ .Values.sentinel.cpu | quote }}

diff --git a/addons-cluster/redis-cluster/values.schema.json b/addons-cluster/redis-cluster/values.schema.json
@@ -77,7 +77,25 @@
       "type": "boolean",
       "default": false,
       "title": "nodePortEnabled",
-      "description":"Whether NodePort service is enabled, default is true"
+      "description":"Whether NodePort service is enabled, default is false"
+    },
+    "fixedPodIPEnabled": {
+      "type": "boolean",
+      "default": false,
+      "title": "fixedPodIPEnabled",
+      "description":"Whether Fixed Pod IP is enabled, default is false"
+    },
+    "customSecretName": {
+      "title": "the secret name for Redis default user's password",
+      "description": "the secret must contain keys named 'username' and 'password'",
+      "type": "string",
+      "default": ""
+    },
+    "customSecretNamespace": {
+      "title": "the secret namespace for Redis default user's password",
+      "description": "the secret must contain keys named 'username' and 'password'",
+      "type": "string",
+      "default": ""
     },
     "twemproxy": {
       "title": "The redis twemproxy component",
@@ -125,6 +143,18 @@
           "type": "string",
           "default": ""
         },
+        "customSecretName": {
+          "title": "the secret name for Redis Sentinel default user's password",
+          "description": "the secret must contain keys named 'username' and 'password'",
+          "type": "string",
+          "default": ""
+        },
+        "customSecretNamespace": {
+          "title": "the secret namespace for Redis Sentinel default user's password",
+          "description": "the secret must contain keys named 'username' and 'password'",
+          "type": "string",
+          "default": ""
+        },
         "enabled": {
           "description":"Whether have sentinel component, default is true",
           "title": "sentinel.enable",
@@ -176,6 +206,18 @@
           "default": 3,
           "minimum": 3,
           "maximum": 2048
+        },
+        "customSecretName": {
+          "title": "the secret name for Redis Cluster default user's password",
+          "description": "the secret must contain keys named 'username' and 'password'",
+          "type": "string",
+          "default": ""
+        },
+        "customSecretNamespace": {
+          "title": "the secret namespace for Redis Cluster default user's password",
+          "description": "the secret must contain keys named 'username' and 'password'",
+          "type": "string",
+          "default": ""
         }
       }
     }

diff --git a/addons-cluster/redis-cluster/values.yaml b/addons-cluster/redis-cluster/values.yaml
@@ -41,6 +41,11 @@ requests:
 ##
 storage: 20
 
+# custom password of default user for redis by passing a secret
+# the secret must contain keys named 'username' and 'password'
+customSecretName: ""
+customSecretNamespace: ""
+
 ## @param twemproxy.enable
 ## @param sentinel.cpu
 ## @param sentinel.memory
@@ -76,9 +81,17 @@ sentinel:
   storage: 20
   replicas: 3
   customMasterName: ""
+  # custom password of default user for redis sentinel by passing a secret
+  # the secret must contain keys named 'username' and 'password'
+  customSecretName: ""
+  customSecretNamespace: ""
 
 ## if mode is cluster, specify the redis cluster parameters
 ## @param redisCluster.shardCount specify the number of shards in the cluster, the minimum value is 3
 redisCluster:
   shardCount: 3
+  # custom password of default user for redis cluster by passing a secret
+  # the secret must contain keys named 'username' and 'password'
+  customSecretName: ""
+  customSecretNamespace: ""