Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: REDIS connection using ssl in API #1391

Merged
merged 1 commit into from
Oct 8, 2024
Merged

fix: REDIS connection using ssl in API #1391

merged 1 commit into from
Oct 8, 2024

Conversation

alfespa17
Copy link
Member

This PR will fix the issue when the API is connecting to a REDIS with SSL enabled.

## API properties
api:
  version: "2.23.2"
  defaultRedis: false
  env:
  - name: TerrakubeRedisSSL
    value: "true"
  - name: TerrakubeRedisTruststorePath
    value: /layers/paketo-buildpacks_bellsoft-liberica/jre/lib/security/cacerts 
  - name: TerrakubeRedisTruststorePassword
    value: changeit
  properties:
    redisHostname: "MYREDISHOSTNAME.redis.cache.windows.net"
    redisPassword: "mysuperpassword"

Logs:

2024-10-08T21:13:42.610Z  INFO 1 --- [           main] o.t.a.p.s.StreamingConfiguration         : Redis Configuration=> User: username is null, Hostname: MYREDISHOSTNAME.redis.cache.windows.net, Port: 6380, Ssl: true
2024-10-08T21:13:42.618Z  INFO 1 --- [           main] o.t.a.p.s.StreamingConfiguration         : Redis connection is not using username parameter
2024-10-08T21:13:42.618Z  INFO 1 --- [           main] o.t.a.p.s.StreamingConfiguration         : Setup Redis connection using SSL

It will use the default CA certs that are included inside the container located in /layers/paketo-buildpacks_bellsoft-liberica/jre/lib/security/cacerts

The above was tested using a Azure REDIS cache and connecting using the "primary access key" without a username

This require to manually update the REDIS port that is hardcoded inside the helm chart.

https://github.com/AzBuilder/terrakube-helm-chart/blob/efd3585024cd7236cabfd389ed090d3d2add721f/charts/terrakube/templates/secrets-api.yaml#L20

I will change that in another PR.

@alfespa17 alfespa17 mentioned this pull request Oct 8, 2024
Open
@sonarqubecloud SonarQubeCloud
Copy link

sonarqubecloud bot commented Oct 8, 2024

Quality Gate Passed Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

@alfespa17 alfespa17 merged commit 5fb84d0 into main Oct 8, 2024
4 checks passed
@alfespa17 alfespa17 deleted the fix/redis-ssl branch October 8, 2024 21:46
@alfespa17
Copy link
Member Author

I will fix the same issue in the executor component in another pull request

@alfespa17 alfespa17 mentioned this pull request Oct 9, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@alfespa17