Redis password changed when GE is upgraded using Argo #8964
Labels
Area: Helm
Area: Redis
Area: Stability
Issues related to stability of the product, engineering, tech debt
Area: Upgrades
Type: Bug
Something isn't working
Gloo Edge Product
Enterprise
Gloo Edge Version
1.15.x
Kubernetes Version
1.26
Describe the bug
When upgrading the version of gloo-ee through an ArgoCD sync (a full sync invoking Helm hooks), the redis secret seems to be updated with a new password, causing the new deployments to use this new password to connect to redis, which by default fails if redis is not updated and/or manually restarted to use the new password.
This sounds like it could originate from a pre-install or pre-upgrade Helm hook.
Specifically extauth will fail with several error messages in the logs, like this one when trying to save the session:
error":"WRONGPASS invalid username-password pair or user is disabled"
The virtual service using an authConfig using session in redis it will return a 500 error
Expected Behavior
At this moment, there is a workaround of disabling auth in redis, so the password is not updated any more:
Steps to reproduce the bug
However, it would be nice if you could use some helm field to indicate that we already have a generated password and we don't want gloo edge to generate a new one, as for example:
redis.auth.existingSecret or redis.auth.existingSecretKey
Additional Environment Detail
No response
Additional Context
No response
The text was updated successfully, but these errors were encountered: