fix(helm): Include option to use Redis with SSL #26663
Conversation
shakeelansari63
requested review from
craig-rueda,
dpgaspar and
villebro
as code owners
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
|
I have user Here are some sample examples of rendered templates.. 1. No Password and No SSL
2. With Password and No SSL
3. No Password and With SSL (ssl_cert_reqs = CERT_NONE)
4. With Password and With SSL (ssl_cert_reqs = CERT_NONE)
5. With Password and With SSL (ssl_cert_reqs = CERT_OPTIONAL)
|
|
can you please rebase if bump the chart version again to fix the conflict |
Sure, will do it shortly |
|
@dpgaspar , Rebased and bumped the chart version to |
|
So I have added 2 new Parameters in Values which will translate to 2 new Environment variables. With Default Config
Generated Generated With modified config
Generated Generated |
shakeelansari63
changed the title
shakeelansari63
changed the title
Default Config without Redis SSL and Redis Password
Rendered Rendered Updated Config with Redis SSL and Redis Password
Rendered Rendered |
|
Hey guys, can you please review the code and tell me if you feel anything else should be changed... |
There was a problem hiding this comment.
Looking good. I just left one more comment and I think @dpgaspar has one as well
|
Hey guys, can you please suggest if any further change is needed? |
|
Re-running CI, while @craig-rueda and @dpgaspar review the requested changes. 🤞 |
There was a problem hiding this comment.
Almost there!
you need to update the README.md
| supersetNode.connections.db_pass | string | `"superset"` | |
| supersetNode.connections.db_port | string | `"5432"` | |
| supersetNode.connections.db_user | string | `"superset"` | |
+| supersetNode.connections.redis_cache_db | string | `"1"` | |
+| supersetNode.connections.redis_celery_db | string | `"0"` | |
| supersetNode.connections.redis_host | string | `"{{ .Release.Name }}-redis-headless"` | Change in case of bringing your own redis and then also set redis.enabled:false |
| supersetNode.connections.redis_port | string | `"6379"` | |
+| supersetNode.connections.redis_ssl.enabled | bool | `false` | |
+| supersetNode.connections.redis_ssl.ssl_cert_reqs | string | `"CERT_NONE"` | |
+| supersetNode.connections.redis_user | string | `""` | |
| supersetNode.containerSecurityContext | object | `{}` | |
| supersetNode.deploymentAnnotations | object | `{}` | Annotations to be added to supersetNode deployment |
| supersetNode.deploymentLabels | object | `{}` | Labels to be added to supersetNode deployment |
Yes, Just saw the failed CI task and updated this. |
|
Thanks for the quick turnaround. Go, CI, go!!! |
|
@rusackas , please trigger ci again , I had missed to update helm version in readme |
|
Yay .. All CI Checks finally completed 🥳 |
| {{- if .Values.supersetNode.connections.redis_password }} | ||
| REDIS_PASSWORD: {{ .Values.supersetNode.connections.redis_password | quote }} | ||
| {{- end }} | ||
| REDIS_PORT: {{ .Values.supersetNode.connections.redis_port | quote }} | ||
| REDIS_PROTO: {{ if .Values.supersetNode.connections.redis_ssl.enabled }}"rediss"{{ else }}"redis"{{ end }} |
There was a problem hiding this comment.
This has broken those w/o generating the default secret, which is a very common use case to manage secrets separately (rather than relying on the Helm chart).
This kind of backward compatibility should have been implemented somewhere else, and it's not a good practice not to even document/mention this feature/behavior change at all.
There was a problem hiding this comment.
The solution was to add the new REDIS_PROTO in the managed secret. However, it was a hassle to root cause it, due to lacking of documentation.
mistercrunch
added
🏷️ bot
SUMMARY
Updated Helm Chart to allow connection to Redis Server which enforce SSL connection. For example, Azure managed Redis Cache enforce connection through ssl only.
BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF
TESTING INSTRUCTIONS
ADDITIONAL INFORMATION