Skip to content

Commit

Permalink
feat: Redis AUTH password (OT-CONTAINER-KIT#734)
Browse files Browse the repository at this point in the history 
* make-codegen

Signed-off-by: Shubham Gupta <[email protected]>

* fix codegen

Signed-off-by: Shubham Gupta <[email protected]>

* fix test

Signed-off-by: Shubham Gupta <[email protected]>

* fix naming

Signed-off-by: Shubham Gupta <[email protected]>

* fix test file

Signed-off-by: Shubham Gupta <[email protected]>

* fix secret issues

Signed-off-by: Shubham Gupta <[email protected]>

* fix

Signed-off-by: Shubham Gupta <[email protected]>

---------

Signed-off-by: Shubham Gupta <[email protected]>
Signed-off-by: Matt Robinson <[email protected]>
  • Loading branch information
@shubham-cmyk @mattrobinsonsre
shubham-cmyk authored and mattrobinsonsre committed Jul 11, 2024
1 parent f5a837f commit 987c8c5
Show file tree
Hide file tree
Showing 9 changed files with 198 additions and 15 deletions.
5 changes: 3 additions & 2 deletions api/common_types.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -146,8 +146,9 @@ type RedisPodDisruptionBudget struct {

// +k8s:deepcopy-gen=true
type RedisSentinelConfig struct {
AdditionalSentinelConfig *string `json:"additionalSentinelConfig,omitempty"`
RedisReplicationName string `json:"redisReplicationName"`
AdditionalSentinelConfig *string `json:"additionalSentinelConfig,omitempty"`
RedisReplicationName string `json:"redisReplicationName"`
RedisReplicationPassword *corev1.EnvVarSource `json:"redisReplicationPassword,omitempty"`
// +kubebuilder:default:=myMaster
MasterGroupName string `json:"masterGroupName,omitempty"`
// +kubebuilder:default:="6379"
Expand Down
5 changes: 5 additions & 0 deletions api/zz_generated.deepcopy.go
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

162 changes: 162 additions & 0 deletions config/crd/bases/redis.redis.opstreelabs.in_redissentinels.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1187,6 +1187,87 @@ spec:
type: string
redisReplicationName:
type: string
redisReplicationPassword:
description: EnvVarSource represents a source for the value of
an EnvVar.
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the ConfigMap or its key
must be defined
type: boolean
required:
- key
type: object
fieldRef:
description: 'Selects a field of the pod: supports metadata.name,
metadata.namespace, `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`,
spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP,
status.podIPs.'
properties:
apiVersion:
description: Version of the schema the FieldPath is written
in terms of, defaults to "v1".
type: string
fieldPath:
description: Path of the field to select in the specified
API version.
type: string
required:
- fieldPath
type: object
resourceFieldRef:
description: 'Selects a resource of the container: only resources
limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage,
requests.cpu, requests.memory and requests.ephemeral-storage)
are currently supported.'
properties:
containerName:
description: 'Container name: required for volumes, optional
for env vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the output format of the exposed
resources, defaults to "1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to select'
type: string
required:
- resource
type: object
secretKeyRef:
description: Selects a key of a secret in the pod's namespace
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
type: object
type: object
required:
- redisReplicationName
type: object
Expand Down Expand Up @@ -3396,6 +3477,87 @@ spec:
type: string
redisReplicationName:
type: string
redisReplicationPassword:
description: EnvVarSource represents a source for the value of
an EnvVar.
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the ConfigMap or its key
must be defined
type: boolean
required:
- key
type: object
fieldRef:
description: 'Selects a field of the pod: supports metadata.name,
metadata.namespace, `metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`,
spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP,
status.podIPs.'
properties:
apiVersion:
description: Version of the schema the FieldPath is written
in terms of, defaults to "v1".
type: string
fieldPath:
description: Path of the field to select in the specified
API version.
type: string
required:
- fieldPath
type: object
resourceFieldRef:
description: 'Selects a resource of the container: only resources
limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage,
requests.cpu, requests.memory and requests.ephemeral-storage)
are currently supported.'
properties:
containerName:
description: 'Container name: required for volumes, optional
for env vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the output format of the exposed
resources, defaults to "1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to select'
type: string
required:
- resource
type: object
secretKeyRef:
description: Selects a key of a secret in the pod's namespace
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
type: object
type: object
required:
- redisReplicationName
type: object
Expand Down
7 changes: 7 additions & 0 deletions k8sutils/redis-sentinel.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@ import (
"context"
"encoding/json"
"errors"

"github.com/OT-CONTAINER-KIT/redis-operator/pkg/util"
"k8s.io/utils/pointer"

Expand Down Expand Up @@ -279,6 +280,12 @@ func getSentinelEnvVariable(ctx context.Context, client kubernetes.Interface, lo
},
}

if cr.Spec.RedisSentinelConfig != nil && cr.Spec.RedisSentinelConfig.RedisReplicationPassword != nil {
*envVar = append(*envVar, corev1.EnvVar{
Name: "MASTER_PASSWORD",
ValueFrom: cr.Spec.RedisSentinelConfig.RedisReplicationPassword,
})
}
return envVar

}
Expand Down
4 changes: 1 addition & 3 deletions ...ainsaw/v1beta2/ha-setup/secured/partially-secured/replication-password/chainsaw-test.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,9 +20,7 @@ spec:
- assert:
file: ready-replication-pvc.yaml
- create:
file: configmap.yaml
- assert:
file: configmap.yaml
file: password.yaml
- apply:
file: sentinel.yaml
- assert:
Expand Down
8 changes: 0 additions & 8 deletions ...e-chainsaw/v1beta2/ha-setup/secured/partially-secured/replication-password/configmap.yaml
View file

This file was deleted.

8 changes: 8 additions & 0 deletions ...2e-chainsaw/v1beta2/ha-setup/secured/partially-secured/replication-password/password.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
---
apiVersion: v1
kind: Secret
metadata:
name: redis-replication-secret
stringData:
redis-replication-password: "Opstree@1234"
type: Opaque
6 changes: 6 additions & 0 deletions ...hainsaw/v1beta2/ha-setup/secured/partially-secured/replication-password/ready-secret.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
---
apiVersion: v1
kind: Secret
metadata:
name: redis-replication-secret
type: Opaque
8 changes: 6 additions & 2 deletions ...2e-chainsaw/v1beta2/ha-setup/secured/partially-secured/replication-password/sentinel.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
---
# yaml-language-server: $schema=../../../../../../../../config/crd/bases/redis.redis.opstreelabs.in_redissentinels.yaml

apiVersion: redis.redis.opstreelabs.in/v1beta2
kind: RedisSentinel
metadata:
Expand All @@ -11,7 +12,10 @@ spec:
redisSentinelConfig:
redisReplicationName : redis-replication
quorum: "1"
additionalSentinelConfig: sentinel-external-config
redisReplicationPassword:
secretKeyRef:
name: redis-replication-secret
key: redis-replication-password
kubernetesConfig:
image: quay.io/opstree/redis-sentinel:latest
imagePullPolicy: Always
Expand Down

0 comments on commit 987c8c5

Please sign in to comment.