Enable password-protected Redis #3130

Closed
samuelmak opened this issue Feb 17, 2020 · 7 comments
Labels
component:settings RBAC issues/enhancements enhancement New feature or request type:supportability Enhancements that help operators to run Argo CD

Comments

@samuelmak

Summary

Enable password-protected Redis

Motivation

We would like to enable password auth of Redis so that the information is protected.

Proposal

Can we inject the password from kubernetes secret into Redis and Argo CD server so that they can communicate with a password protected channel?

@samuelmak samuelmak added the enhancement New feature or request label Feb 17, 2020
@alexmt
Collaborator

alexmt commented May 12, 2020

Hello @samuelmak ,

This is available but not documented. The password should be specified in REDIS_PASSWORD env variable in argocd-application-controller, argocd-server and argocd-repo-server deployments. Sending PR with the docs changes
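
As an added example (not part of this thread and not the Argo CD project's own manifests), one way to supply `REDIS_PASSWORD` from a Kubernetes Secret instead of a literal value, for a single-instance (non-HA) Redis. The Secret name `argocd-redis-auth`, its key `auth`, the `argocd` namespace, the `argocd-redis` Deployment and the container names are assumptions; adjust them to your manifests.

```yaml
# Added example. Hypothetical Secret holding the shared Redis password.
apiVersion: v1
kind: Secret
metadata:
  name: argocd-redis-auth          # hypothetical name
  namespace: argocd                # assumed install namespace
stringData:
  auth: "<placeholder-long-random-value>"
---
# Client side. Repeat the same env entry for argocd-repo-server and
# argocd-application-controller, the other two workloads named above.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: argocd-server
  namespace: argocd
spec:
  template:
    spec:
      containers:
        - name: argocd-server      # assumed container name
          env:
            - name: REDIS_PASSWORD
              valueFrom:
                secretKeyRef: {name: argocd-redis-auth, key: auth}
---
# Server side. Redis must be started with the same password, otherwise the
# clients send AUTH to a server that does not require it.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: argocd-redis               # assumed Deployment name
  namespace: argocd
spec:
  template:
    spec:
      containers:
        - name: redis              # assumed container name
          env:
            - name: REDIS_PASSWORD
              valueFrom:
                secretKeyRef: {name: argocd-redis-auth, key: auth}
          # When applied as a patch, args replaces the existing list:
          # carry over any flags your current manifest already passes.
          args:
            - "--requirepass"
            - "$(REDIS_PASSWORD)"  # expanded by Kubernetes from env
```

This keeps the password out of the manifests, but the value still reaches each process as an environment variable and appears on the Redis command line inside the container.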

@jannfis jannfis added component:settings RBAC issues/enhancements type:supportability Enhancements that help operators to run Argo CD labels May 14, 2020
@BenManifold
Contributor

Is there any way to set this password using a secret instead of an environment variable? Passwords as env-vars violates our infosec compliance guidelines.

@BenManifold
Contributor

> Hello @samuelmak ,
>
> This is available but not documented. The password should be specified in REDIS_PASSWORD env variable in argocd-application-controller, argocd-server and argocd-repo-server deployments. Sending PR with the docs changes

We really need a way to mount the password as a secrets file so we're not just skywriting in env vars all over the place

@LesleyDebes

LesleyDebes commented Apr 26, 2021

@alexmt Are there directions on how to pass the REDIS_PASSWORD environment correctly so that the Redis instance is password protected? Our team hasn't been able to get this working successfully but cannot find any info in the docs to see where we may be going wrong.

@nzin-appdirect

Hi @LesleyDebes, I think it is because the haproxy is not set up to pass an AUTH token.
i.e.
in particular in


we should have a

      tcp-check send AUTH <yourredispassword>\r\n
      tcp-check expect string +OK
      tcp-check send PING\r\n
      tcp-check expect string +PONG
      tcp-check send SENTINEL\ get-master-addr-by-name\ argocd\r\n
      tcp-check expect string REPLACE_ANNOUNCE0

@SnoozeFreddo

Would also need some instructions for non HA version.

The docs just reference this issue but what's the solution to store it as a secret?

@todaywasawesome
Contributor

Closed by f1a449e
