kube/redis: implement optional cfg.password option
If set, this enables internal redis authentication scheme. Supports
secretRefs, as well as values passed directly.
Change-Id: Ie902b8d79fdc4aa83ad8ad123e79f0bc80c1251f
diff --git a/kube/redis.libsonnet b/kube/redis.libsonnet
index d272227..e596ac2 100644
--- a/kube/redis.libsonnet
+++ b/kube/redis.libsonnet
@@ -12,6 +12,7 @@
appName: error "app name must be set",
storageClassName: "waw-hdd-redundant-1",
prefix: "", # if set, should be 'foo-'
+ password: null,
image: "redis:5.0.4-alpine",
resources: {
@@ -65,13 +66,16 @@
args: [
"redis-server",
"--appendonly", "yes",
- ],
+ ] + (if cfg.password != null then ["--requirepass", "$(REDIS_PASSWORD)"] else []),
ports_: {
client: { containerPort: 6379 },
},
volumeMounts_: {
data: { mountPath: "/data" },
},
+ env_: {
+ [if cfg.password != null then "REDIS_PASSWORD"]: cfg.password,
+ },
resources: cfg.resources,
},
},