feat(helm): support password-protected redis (#847)

REANA can now connect to password-protected Redis instances.
reanahub · Nov 22, 2024 · be12076 · be12076
1 parent 1ca9dea
commit be12076
Show file tree

Hide file tree

Showing 5 changed files with 27 additions and 0 deletions.
diff --git a/helm/reana/README.md b/helm/reana/README.md
@@ -98,6 +98,7 @@ This Helm automatically prefixes all names using the release name to avoid colli
 | `reana_hostname`                                         | REANA hostname (e.g. reana.example.org)                                              | None                                            |
 | `namespace_runtime`                                      | Namespace in which the REANA runtime pods (workflow engines, jobs etc...) will run   | `.Release.Namespace`                            |
 | `naming_scheme`                                          | REANA component naming scheme                                                        | None                                            |
+| `secrets.cache.password`                                 | **[Do not use in production, use secrets instead]** Cache (Redis) password           | None                                            |
 | `secrets.cern.sso.CERN_CONSUMER_KEY`                     | CERN SSO consumer key                                                                | None                                            |
 | `secrets.cern.sso.CERN_CONSUMER_SECRET`                  | **[Do not use in production, use secrets instead]** CERN SSO consumer secret         | None                                            |
 | `secrets.database.password`                              | **[Do not use in production, use secrets instead]** PostgreSQL database password     | None                                            |

diff --git a/helm/reana/templates/reana-cache.yaml b/helm/reana/templates/reana-cache.yaml
@@ -31,6 +31,15 @@ spec:
       containers:
       - name: cache
         image: docker.io/library/redis:5.0.5
+        env:
+          - name: REANA_CACHE_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: {{ include "reana.prefix" . }}-cache-secrets
+                key: password
+        args:
+          - "--requirepass"
+          - "$(REANA_CACHE_PASSWORD)"
         ports:
         - containerPort: 6379
       {{- if .Values.node_label_infrastructure }}

diff --git a/helm/reana/templates/reana-server.yaml b/helm/reana/templates/reana-server.yaml
@@ -151,6 +151,11 @@ spec:
               secretKeyRef:
                 name: {{ include "reana.prefix" . }}-secrets
                 key: REANA_SECRET_KEY
+          - name: REANA_CACHE_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: {{ include "reana.prefix" . }}-cache-secrets
+                key: password
           {{- if .Values.debug.enabled }}
           # Disable CORS in development environment, for example
           # to connect from an external React application.

diff --git a/helm/reana/templates/secrets.yaml b/helm/reana/templates/secrets.yaml
@@ -13,6 +13,17 @@ data:
 ---
 apiVersion: v1
 kind: Secret
+metadata:
+  name: {{ include "reana.prefix" . }}-cache-secrets
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    "helm.sh/resource-policy": keep
+type: Opaque
+data:
+  password: {{ .Values.secrets.cache.password | default "" | b64enc | quote }}
+---
+apiVersion: v1
+kind: Secret
 metadata:
   name: {{ include "reana.prefix" . }}-cern-sso-secrets
   namespace: {{ .Release.Namespace }}

diff --git a/helm/reana/values.yaml b/helm/reana/values.yaml
@@ -49,6 +49,7 @@ infrastructure_storage: {}
 
 secrets:
   database: {}
+  cache: {}
   gitlab: {}
   cern:
     sso: {}