From 987c8c55b76ab51e830e32b92dba9a8bc356cf93 Mon Sep 17 00:00:00 2001 From: Shubham Gupta <69793468+shubham-cmyk@users.noreply.github.com> Date: Mon, 18 Dec 2023 15:18:18 +0530 Subject: [PATCH] feat: Redis AUTH password (#734) * make-codegen Signed-off-by: Shubham Gupta * fix codegen Signed-off-by: Shubham Gupta * fix test Signed-off-by: Shubham Gupta * fix naming Signed-off-by: Shubham Gupta * fix test file Signed-off-by: Shubham Gupta * fix secret issues Signed-off-by: Shubham Gupta * fix Signed-off-by: Shubham Gupta --------- Signed-off-by: Shubham Gupta Signed-off-by: Matt Robinson --- api/common_types.go | 5 +- api/zz_generated.deepcopy.go | 5 + ...s.redis.opstreelabs.in_redissentinels.yaml | 162 ++++++++++++++++++ k8sutils/redis-sentinel.go | 7 + .../replication-password/chainsaw-test.yaml | 4 +- .../replication-password/configmap.yaml | 8 - .../replication-password/password.yaml | 8 + .../replication-password/ready-secret.yaml | 6 + .../replication-password/sentinel.yaml | 8 +- 9 files changed, 198 insertions(+), 15 deletions(-) delete mode 100644 tests/e2e-chainsaw/v1beta2/ha-setup/secured/partially-secured/replication-password/configmap.yaml create mode 100644 tests/e2e-chainsaw/v1beta2/ha-setup/secured/partially-secured/replication-password/password.yaml create mode 100644 tests/e2e-chainsaw/v1beta2/ha-setup/secured/partially-secured/replication-password/ready-secret.yaml diff --git a/api/common_types.go b/api/common_types.go index 5d5194ae1..1b8419354 100644 --- a/api/common_types.go +++ b/api/common_types.go 
@@ -146,8 +146,9 @@ type RedisPodDisruptionBudget struct { // +k8s:deepcopy-gen=true type RedisSentinelConfig struct { - AdditionalSentinelConfig *string `json:"additionalSentinelConfig,omitempty"` - RedisReplicationName string `json:"redisReplicationName"` + AdditionalSentinelConfig *string `json:"additionalSentinelConfig,omitempty"` + RedisReplicationName string `json:"redisReplicationName"` + RedisReplicationPassword *corev1.EnvVarSource `json:"redisReplicationPassword,omitempty"` // +kubebuilder:default:=myMaster MasterGroupName string `json:"masterGroupName,omitempty"` // +kubebuilder:default:="6379" diff --git a/api/zz_generated.deepcopy.go b/api/zz_generated.deepcopy.go index 499bb939b..975b24a1b 100644 --- a/api/zz_generated.deepcopy.go +++ b/api/zz_generated.deepcopy.go @@ -354,6 +354,11 @@ func (in *RedisSentinelConfig) DeepCopyInto(out *RedisSentinelConfig) { *out = new(string) **out = **in } + if in.RedisReplicationPassword != nil { + in, out := &in.RedisReplicationPassword, &out.RedisReplicationPassword + *out = new(v1.EnvVarSource) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RedisSentinelConfig. diff --git a/config/crd/bases/redis.redis.opstreelabs.in_redissentinels.yaml b/config/crd/bases/redis.redis.opstreelabs.in_redissentinels.yaml index e89f42317..d0ce64fbe 100644 --- a/config/crd/bases/redis.redis.opstreelabs.in_redissentinels.yaml +++ b/config/crd/bases/redis.redis.opstreelabs.in_redissentinels.yaml 
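Review bot: `RedisReplicationPassword` is declared as `*corev1.EnvVarSource` in `RedisSentinelConfig`, so the CRD accepts `configMapKeyRef`, `fieldRef` and `resourceFieldRef` as well as `secretKeyRef` for a value that is a Redis AUTH password. The new branch in `getSentinelEnvVariable` (k8sutils/redis-sentinel.go) forwards whichever source is set into `MASTER_PASSWORD` without checking it. A password kept in a ConfigMap is readable by anyone with ConfigMap read access in the namespace and gets none of the RBAC or encryption-at-rest handling applied to Secrets. Consider narrowing the field to `RedisReplicationPassword *corev1.SecretKeySelector`, or, if the wider type has to stay, rejecting specs whose `SecretKeyRef` is nil. The field also lacks a doc comment such as `// RedisReplicationPassword references the Secret key that holds the AUTH password of the monitored replication.`, which would carry into the generated CRD description; the struct continues outside the hunk.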
@@ -1187,6 +1187,87 @@ spec: type: string redisReplicationName: type: string + redisReplicationPassword: + description: EnvVarSource represents a source for the value of + an EnvVar. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is written + in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only resources + limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, + requests.cpu, requests.memory and requests.ephemeral-storage) + are currently supported.' 
+ properties: + containerName: + description: 'Container name: required for volumes, optional + for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object required: - redisReplicationName type: object 
@@ -3396,6 +3477,87 @@ spec: type: string redisReplicationName: type: string + redisReplicationPassword: + description: EnvVarSource represents a source for the value of + an EnvVar. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key + must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath is written + in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified + API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only resources + limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, + requests.cpu, requests.memory and requests.ephemeral-storage) + are currently supported.' 
+ properties: + containerName: + description: 'Container name: required for volumes, optional + for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed + resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object required: - redisReplicationName type: object diff --git a/k8sutils/redis-sentinel.go b/k8sutils/redis-sentinel.go index 014284772..fdb3dcb84 100644 --- a/k8sutils/redis-sentinel.go +++ b/k8sutils/redis-sentinel.go @@ -4,6 +4,7 @@ import ( "context" "encoding/json" "errors" + "github.com/OT-CONTAINER-KIT/redis-operator/pkg/util" "k8s.io/utils/pointer" @@ -279,6 +280,12 @@ func getSentinelEnvVariable(ctx context.Context, client kubernetes.Interface, lo }, } + if cr.Spec.RedisSentinelConfig != nil && cr.Spec.RedisSentinelConfig.RedisReplicationPassword != nil { + *envVar = append(*envVar, corev1.EnvVar{ + Name: "MASTER_PASSWORD", + ValueFrom: cr.Spec.RedisSentinelConfig.RedisReplicationPassword, + }) + } return envVar } 
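Review bot: Nothing in the block added to `getSentinelEnvVariable` says what reads `MASTER_PASSWORD`. The operator code in this hunk only sets it, so the consumer is presumably the sentinel image's startup script, taking over from the `sentinel auth-pass` line that the deleted test ConfigMap used to supply. A comment above the `if` would record that contract, for example `// MASTER_PASSWORD is expected to be read by the sentinel container at startup to authenticate to the monitored master; only the reference is stored in the pod spec.` A blank line between the block's closing `}` and `return envVar` would match the spacing before it. The function starts outside the hunk, and the patch's file list adds no unit test for this branch.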
diff --git a/tests/e2e-chainsaw/v1beta2/ha-setup/secured/partially-secured/replication-password/chainsaw-test.yaml b/tests/e2e-chainsaw/v1beta2/ha-setup/secured/partially-secured/replication-password/chainsaw-test.yaml index b8684bd82..29a5487a2 100644 --- a/tests/e2e-chainsaw/v1beta2/ha-setup/secured/partially-secured/replication-password/chainsaw-test.yaml +++ b/tests/e2e-chainsaw/v1beta2/ha-setup/secured/partially-secured/replication-password/chainsaw-test.yaml @@ -20,9 +20,7 @@ spec: - assert: file: ready-replication-pvc.yaml - create: - file: configmap.yaml - - assert: - file: configmap.yaml + file: password.yaml - apply: file: sentinel.yaml - assert: diff --git a/tests/e2e-chainsaw/v1beta2/ha-setup/secured/partially-secured/replication-password/configmap.yaml b/tests/e2e-chainsaw/v1beta2/ha-setup/secured/partially-secured/replication-password/configmap.yaml deleted file mode 100644 index 529906f34..000000000 --- a/tests/e2e-chainsaw/v1beta2/ha-setup/secured/partially-secured/replication-password/configmap.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: sentinel-external-config -data: - redis-sentinel-additional.conf: | - sentinel auth-pass myMaster Opstree@1234 diff --git a/tests/e2e-chainsaw/v1beta2/ha-setup/secured/partially-secured/replication-password/password.yaml b/tests/e2e-chainsaw/v1beta2/ha-setup/secured/partially-secured/replication-password/password.yaml new file mode 100644 index 000000000..346addd89 --- /dev/null +++ b/tests/e2e-chainsaw/v1beta2/ha-setup/secured/partially-secured/replication-password/password.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: v1 +kind: Secret +metadata: + name: redis-replication-secret +stringData: + redis-replication-password: "Opstree@1234" +type: Opaque 
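Review bot: `ready-secret.yaml` is added by this patch, but the only line added to `chainsaw-test.yaml` is `file: password.yaml` under `create`, and the `assert` step that followed the create is removed. As far as the patch shows, the new assert fixture is therefore never referenced. Restoring the step after the create, `- assert:` with `file: ready-secret.yaml`, would make the test confirm the Secret exists before `sentinel.yaml` is applied. The steps list continues outside the hunk, so a reference elsewhere cannot be ruled out, but the diffstat for this file accounts only for the lines shown here.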
diff --git a/tests/e2e-chainsaw/v1beta2/ha-setup/secured/partially-secured/replication-password/ready-secret.yaml b/tests/e2e-chainsaw/v1beta2/ha-setup/secured/partially-secured/replication-password/ready-secret.yaml new file mode 100644 index 000000000..de09d2654 --- /dev/null +++ b/tests/e2e-chainsaw/v1beta2/ha-setup/secured/partially-secured/replication-password/ready-secret.yaml @@ -0,0 +1,6 @@ +--- +apiVersion: v1 +kind: Secret +metadata: + name: redis-replication-secret +type: Opaque \ No newline at end of file diff --git a/tests/e2e-chainsaw/v1beta2/ha-setup/secured/partially-secured/replication-password/sentinel.yaml b/tests/e2e-chainsaw/v1beta2/ha-setup/secured/partially-secured/replication-password/sentinel.yaml index ffbe11e1a..2cc5040c6 100644 --- a/tests/e2e-chainsaw/v1beta2/ha-setup/secured/partially-secured/replication-password/sentinel.yaml +++ b/tests/e2e-chainsaw/v1beta2/ha-setup/secured/partially-secured/replication-password/sentinel.yaml @@ -1,4 +1,5 @@ ---- +# yaml-language-server: $schema=../../../../../../../../config/crd/bases/redis.redis.opstreelabs.in_redissentinels.yaml + apiVersion: redis.redis.opstreelabs.in/v1beta2 kind: RedisSentinel metadata: @@ -11,7 +12,10 @@ spec: redisSentinelConfig: redisReplicationName : redis-replication quorum: "1" - additionalSentinelConfig: sentinel-external-config + redisReplicationPassword: + secretKeyRef: + name: redis-replication-secret + key: redis-replication-password kubernetesConfig: image: quay.io/opstree/redis-sentinel:latest imagePullPolicy: Always