From b0612ed278a09d18d2235c3c005cebd8863155fc Mon Sep 17 00:00:00 2001 From: Michael Schmid Date: Fri, 10 Jul 2020 14:40:29 -0400 Subject: [PATCH] add redis-password --- .lagoon.secrets.yaml | 10 ++++++++++ services/api-redis/.lagoon.app.yml | 5 +++++ services/api-redis/Dockerfile | 2 ++ services/api/.lagoon.app.yml | 5 +++++ services/api/Dockerfile | 3 ++- 5 files changed, 24 insertions(+), 1 deletion(-) diff --git a/.lagoon.secrets.yaml b/.lagoon.secrets.yaml index 41928b1a09..6a411006cb 100644 --- a/.lagoon.secrets.yaml +++ b/.lagoon.secrets.yaml @@ -32,6 +32,10 @@ parameters: description: Password used for connecting to the keycloak-db generate: expression from: "[a-zA-Z0-9]{32}" + - name: API_REDIS_PASSWORD + description: Password used for connecting to the api-redis + generate: expression + from: "[a-zA-Z0-9]{32}" - name: SAFE_BRANCH description: Which branch this belongs to, special chars replaced with dashes required: true @@ -99,3 +103,9 @@ objects: name: opendistro-security-cookie-password stringData: OPENDISTRO_SECURITY_COOKIE_PASSWORD: ${OPENDISTRO_SECURITY_COOKIE_PASSWORD} +- kind: Secret + apiVersion: v1 + metadata: + name: api-redis-password + stringData: + API_REDIS_PASSWORD: ${API_REDIS_PASSWORD} diff --git a/services/api-redis/.lagoon.app.yml b/services/api-redis/.lagoon.app.yml index 48b7166b89..e4ec8adba4 100644 --- a/services/api-redis/.lagoon.app.yml +++ b/services/api-redis/.lagoon.app.yml @@ -97,6 +97,11 @@ objects: value: ${SERVICE_NAME} - name: CRONJOBS value: ${CRONJOBS} + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: api-redis-password + key: API_REDIS_PASSWORD resources: requests: cpu: 10m diff --git a/services/api-redis/Dockerfile b/services/api-redis/Dockerfile index 5f8d986391..3392398948 100644 --- a/services/api-redis/Dockerfile +++ b/services/api-redis/Dockerfile @@ -1,2 +1,4 @@ ARG IMAGE_REPO FROM ${IMAGE_REPO:-lagoon}/redis + +ENV REDIS_PASSWORD=admin \ No newline at end of file diff --git a/services/api/.lagoon.app.yml b/services/api/.lagoon.app.yml index 67765edb33..005463723f 100644 --- a/services/api/.lagoon.app.yml +++ b/services/api/.lagoon.app.yml @@ -134,6 +134,11 @@ objects: secretKeyRef: name: api-db-password key: API_DB_PASSWORD + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: api-redis-password + key: API_REDIS_PASSWORD - name: SERVICE_NAME value: ${SERVICE_NAME} - name: CRONJOBS diff --git a/services/api/Dockerfile b/services/api/Dockerfile index 7e220f2abb..ba213b25ca 100644 --- a/services/api/Dockerfile +++ b/services/api/Dockerfile @@ -28,7 +28,8 @@ ENV NODE_ENV=production \ ELASTICSEARCH_HOST=logs-db-service:9200 \ ELASTICSEARCH_URL=http://logs-db-service:9200 \ KEYCLOAK_API_CLIENT_SECRET=39d5282d-3684-4026-b4ed-04bbc034b61a \ - HARBOR_ADMIN_PASSWORD=admin + HARBOR_ADMIN_PASSWORD=admin \ + REDIS_PASSWORD=admin # The API is not very resilient to sudden mariadb restarts which can happen when the api and mariadb are starting # at the same time. So we have a small entrypoint which waits for mariadb to be fully ready.