Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add helm value to configure Redis cert name #9699

Closed
DuncanDoyle opened this issue Jun 27, 2024 · 4 comments
Closed

Add helm value to configure Redis cert name #9699

DuncanDoyle opened this issue Jun 27, 2024 · 4 comments
Assignees
@bewebi
Labels
Area: Gloo Gateway Issues related to the Gloo Gateway project Area: Helm Area: Redis Prioritized Indicating issue prioritized to be worked on in RFE stream Type: Enhancement New feature or request zendesk

Comments

@DuncanDoyle
Copy link
Contributor

DuncanDoyle commented Jun 27, 2024
edited by sync-by-unito bot

Gloo Edge Product

Enterprise

Gloo Edge Version

1.16.11

Is your feature request related to a problem? Please describe.

When you set gloo.redis.cert.enabled to true:

If set to true, a secret for redis will be created, and cert.crt and cert.key will be required. If redis.disabled is not set the socket type is set to tsl. If redis.disabled is set, then only a secret will be created containing the cert and key. The secret is mounted to the rate-limiter and redis deployments with the cert and key. Default is false.

However, there are users where the creation of the secret with cert.crt and cert.key is managed outside of the Gloo Edge (Helm) installation process. Second, organizations might have different naming standards and conventions for secret names than the secret name Gloo Edge expects for this secret (i.e. {{.Release.Name}}-redis-ca-cert-secret).

Although you can work around this via a kubeResourceOverride helm value, but it would mean touching array type fields, which basically means rewriting significant parts of the deployment spec, making things error-prone and not very maintainable.

Describe the solution you'd like

Add a gloo.redis.cert.name Helm value that would allow the user to set the name of the secret that contains the cert.crt and cert.key. This allows the user to use a secret that adheres to corporate naming conventions and standards.

Describe alternatives you've considered

Use kubeResourceOverride. This would however mean touching array type fields, which basically means rewriting significant parts of the deployment spec, making things error-prone and not very maintainable.

Additional Context

No response

Related Issues

┆Issue is synchronized with this Asana task by Unito
@DuncanDoyle DuncanDoyle added Type: Enhancement New feature or request Area: Helm Area: Gloo Gateway Issues related to the Gloo Gateway project Area: Redis labels Jun 27, 2024
@soloio-bot
Copy link

Zendesk ticket #3956 has been linked to this issue.

@htpvu htpvu added the Prioritized Indicating issue prioritized to be worked on in RFE stream label Jul 15, 2024
@bewebi
Copy link
Contributor

bewebi commented Aug 6, 2024

Should a similar value also be exposed for the Redis TLS secret?

@bewebi
Copy link
Contributor

bewebi commented Aug 15, 2024
edited

solo-io/solo-projects#6751 is now open to address this

Will this need to be backported to 1.16 or is it sufficient to consider this a new feature (which it is) and only include in 1.18?

@bewebi
Copy link
Contributor

bewebi commented Aug 20, 2024

solo-io/solo-projects#6751 has merged and will be released in v1.18.0-beta1

In it we expose redis.cert.tlsSecretName and redis.cert.caCertSecretName values which allow giving the Redis TLS and CA cert secrets custom names respectively

@bewebi bewebi closed this as completed Aug 20, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@bewebi bewebi

Labels
Area: Gloo Gateway Issues related to the Gloo Gateway project Area: Helm Area: Redis Prioritized Indicating issue prioritized to be worked on in RFE stream Type: Enhancement New feature or request zendesk
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@DuncanDoyle @bewebi @htpvu @soloio-bot