New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[bitnami/harbor] Lack of TLS support for External Redis #7691
Comments
Hi @jowko, thanks for reporting this! I opened an internal tracker for this such that it can be picked up at some point. But feel free to submit a pull request with a contribution if you are in a hurry. |
Hi @jowko, I just wanted to give you an update here. I looked at it hoping I could prepare a PR for it but it seems that we're lacking upstream support to implement something that would be straight forward. For example, changing the redis connection string from At the chart level we seem to be building connection strings for various components, which also have to support it
So for now, I'm leaving this one opened such that we can revisit it later once upstream support allows us to do it. |
Unfortunately, after some time it seems this was not implemented by the upstream project so it is difficult to implement this feature by ourselves. We will monitor upstream GH tickets related to this topic in order to work on it when possible, but it is not something we can address right now. That said, we will keep this ticket open until the stale bot closes it just in case someone from the community adds some valuable info or want to contribute by creating a PR. The Bitnami team will be happy to review it and provide feedback. Here you can find the contributing guidelines. |
This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback. |
Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Issue. Do not hesitate to reopen it later if necessary. |
Which chart:
[bitnami/harbor]
Is your feature request related to a problem? Please describe.
Harbor doesn't support TLS communication for External Redis instances.
This is a problem because of:
Official Helm Chart and Harbor also doesn't support this feature yet:
goharbor/harbor-helm#549
Describe the solution you'd like
It would be great to extend
externalRedis
values with options to configure TLS connection and certificate.TLS is supported in Redis bitnami chart, so we could take this solution as an example:
https://docs.bitnami.com/kubernetes/infrastructure/redis/administration/enable-tls/
Redis documentation:
https://redis.io/topics/encryption
Describe alternatives you've considered
There is a potential workaround to add a sidecar container for all services which are using Redis. This sidecar would open TLS connection to a Redis and a Harbor could connect to the sidecar without TLS. I will try to access this workaround to check if such thing will work.
The text was updated successfully, but these errors were encountered: