Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

No way to store the Redis password securely #2136

Open
BojanZelic opened this issue Feb 12, 2025 · 0 comments
Open

No way to store the Redis password securely #2136

BojanZelic opened this issue Feb 12, 2025 · 0 comments

Comments

@BojanZelic
Copy link

Redis Auth password is set in a configmap instead of a Secret.

# values.yaml
  redis:
    type: external
    external:
      addr: "harbor-ha-redis-node-0.harbor-ha-redis-headless.harbor.svc.cluster.local:6379..."
      sentinelMasterSet: "mymaster"
      username: ""
      password: "<password_redacted>"
      # If using existingSecret, the key must be REDIS_PASSWORD
      #existingSecret: "test"

the redis.external.existingSecret param doesn't actually pull the value from the K8s secret, instead it does a helm lookup function and ends up storing the password as part of the connection string in the harbor configmap. This causes problems when trying to deploy via argocd as argocd doesn't support helm lookup.

apiVersion: v1
kind: ConfigMap
metadata:
  name: harbor-core
...
data:
  _REDIS_URL_CORE: "redis+sentinel://:<password_redacted>@harbor-ha-redis-node-0.harbor-ha-redis-headless.harbor.svc.cluster.local:6379..."
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@BojanZelic