Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Redis password changed when GE is upgraded using Argo #8964

Open
edubonifs opened this issue Dec 11, 2023 · 0 comments
Open

Redis password changed when GE is upgraded using Argo #8964

edubonifs opened this issue Dec 11, 2023 · 0 comments
Labels
Area: Helm Area: Redis Area: Stability Issues related to stability of the product, engineering, tech debt Area: Upgrades Type: Bug Something isn't working

Comments

@edubonifs
Copy link

Gloo Edge Product

Enterprise

Gloo Edge Version

1.15.x

Kubernetes Version

1.26

Describe the bug

When upgrading the version of gloo-ee through an ArgoCD sync (a full sync invoking Helm hooks), the redis secret seems to be updated with a new password, causing the new deployments to use this new password to connect to redis, which by default fails if redis is not updated and/or manually restarted to use the new password.
This sounds like it could originate from a pre-install or pre-upgrade Helm hook.
Specifically extauth will fail with several error messages in the logs, like this one when trying to save the session:
error":"WRONGPASS invalid username-password pair or user is disabled"
The virtual service using an authConfig using session in redis it will return a 500 error

Expected Behavior

At this moment, there is a workaround of disabling auth in redis, so the password is not updated any more:

global:
  extensions:
    glooRedis:
      enableAcl: false

Steps to reproduce the bug

However, it would be nice if you could use some helm field to indicate that we already have a generated password and we don't want gloo edge to generate a new one, as for example:
redis.auth.existingSecret or redis.auth.existingSecretKey

Additional Environment Detail

No response

Additional Context

No response
@edubonifs edubonifs added the Type: Bug Something isn't working label Dec 11, 2023
@sam-heilbron sam-heilbron added Area: Stability Issues related to stability of the product, engineering, tech debt Area: Upgrades Area: Redis labels Jun 6, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Area: Helm Area: Redis Area: Stability Issues related to stability of the product, engineering, tech debt Area: Upgrades Type: Bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@DuncanDoyle @sam-heilbron @edubonifs