fix(helm): Include option to use Redis with SSL #26663
Conversation
|
I have user Here are some sample examples of rendered templates.. 1. No Password and No SSL
2. With Password and No SSL
3. No Password and With SSL (ssl_cert_reqs = CERT_NONE)
4. With Password and With SSL (ssl_cert_reqs = CERT_NONE)
5. With Password and With SSL (ssl_cert_reqs = CERT_OPTIONAL)
|
|
can you please rebase if bump the chart version again to fix the conflict |
Sure, will do it shortly |
|
@dpgaspar , Rebased and bumped the chart version to |
|
So I have added 2 new Parameters in Values which will translate to 2 new Environment variables. With Default Config
Generated Generated With modified config
Generated Generated |
Default Config without Redis SSL and Redis Password
Rendered Rendered Updated Config with Redis SSL and Redis Password
Rendered Rendered |
|
Hey guys, can you please review the code and tell me if you feel anything else should be changed... |
There was a problem hiding this comment.
Looking good. I just left one more comment and I think @dpgaspar has one as well
|
Hey guys, can you please suggest if any further change is needed? |
|
Re-running CI, while @craig-rueda and @dpgaspar review the requested changes. 🤞 |
There was a problem hiding this comment.
Almost there!
you need to update the README.md
| supersetNode.connections.db_pass | string | `"superset"` | |
| supersetNode.connections.db_port | string | `"5432"` | |
| supersetNode.connections.db_user | string | `"superset"` | |
+| supersetNode.connections.redis_cache_db | string | `"1"` | |
+| supersetNode.connections.redis_celery_db | string | `"0"` | |
| supersetNode.connections.redis_host | string | `"{{ .Release.Name }}-redis-headless"` | Change in case of bringing your own redis and then also set redis.enabled:false |
| supersetNode.connections.redis_port | string | `"6379"` | |
+| supersetNode.connections.redis_ssl.enabled | bool | `false` | |
+| supersetNode.connections.redis_ssl.ssl_cert_reqs | string | `"CERT_NONE"` | |
+| supersetNode.connections.redis_user | string | `""` | |
| supersetNode.containerSecurityContext | object | `{}` | |
| supersetNode.deploymentAnnotations | object | `{}` | Annotations to be added to supersetNode deployment |
| supersetNode.deploymentLabels | object | `{}` | Labels to be added to supersetNode deployment |
Yes, Just saw the failed CI task and updated this. |
|
Thanks for the quick turnaround. Go, CI, go!!! |
|
@rusackas , please trigger ci again , I had missed to update helm version in readme |
|
Yay .. All CI Checks finally completed 🥳 |
| {{- if .Values.supersetNode.connections.redis_password }} | ||
| REDIS_PASSWORD: {{ .Values.supersetNode.connections.redis_password | quote }} | ||
| {{- end }} | ||
| REDIS_PORT: {{ .Values.supersetNode.connections.redis_port | quote }} | ||
| REDIS_PROTO: {{ if .Values.supersetNode.connections.redis_ssl.enabled }}"rediss"{{ else }}"redis"{{ end }} |
There was a problem hiding this comment.
This has broken those w/o generating the default secret, which is a very common use case to manage secrets separately (rather than relying on the Helm chart).
This kind of backward compatibility should have been implemented somewhere else, and it's not a good practice not to even document/mention this feature/behavior change at all.
There was a problem hiding this comment.
The solution was to add the new REDIS_PROTO in the managed secret. However, it was a hassle to root cause it, due to lacking of documentation.
SUMMARY
Updated Helm Chart to allow connection to Redis Server which enforce SSL connection. For example, Azure managed Redis Cache enforce connection through ssl only.
BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF
TESTING INSTRUCTIONS
ADDITIONAL INFORMATION