kube/redis: implement optional cfg.password option

If set, this enables internal redis authentication scheme. Supports secretRefs, as well as values passed directly. Change-Id: Ie902b8d79fdc4aa83ad8ad123e79f0bc80c1251f
2020-10-10 19:44:14 +02:00 · 2020-10-10 19:44:14 +02:00 · 89a1ee90cd
commit 89a1ee90cd
parent 018d219dc9
1 changed files with 5 additions and 1 deletions
--- a/kube/redis.libsonnet
+++ b/kube/redis.libsonnet
@ -12,6 +12,7 @@ local kube = import "kube.libsonnet";
        appName: error "app name must be set",
        storageClassName: "waw-hdd-redundant-1",
        prefix: "", # if set, should be 'foo-'
+        password: null,

        image: "redis:5.0.4-alpine",
        resources: {
@ -65,13 +66,16 @@ local kube = import "kube.libsonnet";
                            args: [
                                "redis-server",
                                "--appendonly", "yes",
-                            ],
+                            ] + (if cfg.password != null then ["--requirepass", "$(REDIS_PASSWORD)"] else []),
                            ports_: {
                                client: { containerPort: 6379 },
                            },
                            volumeMounts_: {
                                data: { mountPath: "/data" },
                            },
+                            env_: {
+                                [if cfg.password != null then "REDIS_PASSWORD"]: cfg.password,
+                            },
                            resources: cfg.resources,
                        },
                    },