Redis Configuration options #115

Open
iam-take opened this issue May 15, 2024 · 2 comments · Fixed by #148

Comments

@iam-take
Contributor

iam-take commented May 15, 2024

If you want to use an external Redis cache solution, we are able to configure this by setting some properties on the API configuration in the Helm chart. However, it seems that it is not possible to set SSL Required or change the port that is going to be used.

It would be very useful to be able to set this, as it seems to be a good practice to secure your external Redis configuration with SSL.

Current

```yaml
## API properties
api:
  existingSecret: false
  enabled: true
  image: azbuilder/api-server
  version: ""
  replicaCount: "1"
  serviceType: "ClusterIP"
  serviceAccountName: ""
  resources: {}
  podLabels: {}
  defaultDatabase: true
  defaultRedis: true
  loadSampleData: true
  terraformReleasesUrl: "https://releases.hashicorp.com/terraform/index.json"
  securityContext: {}
  containerSecurityContext: {}
  cache:
    moduleCacheMaxTotal: "128"
    moduleCacheMaxIdle: "128"
    moduleCacheMinIdle: "64"
    moduleCacheTimeout: "600000"
    moduleCacheSchedule: "0 */3 * ? * *"
  properties:
    databaseType: "POSTGRESQL"
    databaseHostname: ""
    databaseName: ""
    databaseUser: ""
    databaseSchema: "public"
    databasePassword: ""
    databaseSslMode: "disable"
    databasePort: "3306"
    redisHostname: ""
    redisPassword: ""
```

Proposed

```yaml
## API properties
api:
  existingSecret: false
  enabled: true
  image: azbuilder/api-server
  version: ""
  replicaCount: "1"
  serviceType: "ClusterIP"
  serviceAccountName: ""
  resources: {}
  podLabels: {}
  defaultDatabase: true
  defaultRedis: true
  loadSampleData: true
  terraformReleasesUrl: "https://releases.hashicorp.com/terraform/index.json"
  securityContext: {}
  containerSecurityContext: {}
  cache:
    moduleCacheMaxTotal: "128"
    moduleCacheMaxIdle: "128"
    moduleCacheMinIdle: "64"
    moduleCacheTimeout: "600000"
    moduleCacheSchedule: "0 */3 * ? * *"
  properties:
    databaseType: "POSTGRESQL"
    databaseHostname: ""
    databaseName: ""
    databaseUser: ""
    databaseSchema: "public"
    databasePassword: ""
    databaseSslMode: "disable"
    databasePort: "3306"
    redisHostname: ""
    redisPassword: ""
    redisPort: "6380"
    redisSslMode: "require"
```

@alfespa17
Member

Some time ago there was a pull request that added some SSL configuration parameters here.

I think I never added those to the helm chart, let me check if I can add it in the following days.

@alfespa17
Member

@iam-take I made some progress with this one. After I merged AzBuilder/terrakube#1391 I was able to connect successfully to an Azure Redis with SSL enabled using the following with a custom image that I built that includes the fix:

```yaml
api:
  version: "2.23.2+small fix from AzBuilder/terrakube#1391"
  image: "api-server"
  defaultRedis: false
  defaultDatabase: true
  loadSampleData: true
  env:
  - name: TerrakubeRedisSSL
    value: "true"
  - name: TerrakubeRedisTruststorePath
    value: /layers/paketo-buildpacks_bellsoft-liberica/jre/lib/security/cacerts
  - name: TerrakubeRedisTruststorePassword
    value: changeit
  properties:
    redisHostname: "MY-REDIS-IN-AZURE.redis.cache.windows.net"
    redisPassword: "MY-REDIS-ACCESS-KEY"
    redisPort: "6380"

executor:
  version: "2.23.2"
  env:
  - name: SERVICE_BINDING_ROOT
    value: /mnt/platform/bindings
  - name: TerrakubeRedisSSL
    value: "true"
  - name: TerrakubeRedisTruststorePath
    value: /layers/paketo-buildpacks_bellsoft-liberica/jre/lib/security/cacerts
  - name: TerrakubeRedisTruststorePassword
    value: changeit
```

"changeit" is the default password for the Java keystore included in the container by default in this path: "/layers/paketo-buildpacks_bellsoft-liberica/jre/lib/security/cacerts".

The only issue that I see is that I had a huge latency from my local machine to the Azure Redis and the logs were not showing in the correct order.

So using the above YAML values in the future will allow connecting to Redis with SSL enabled.

@alfespa17 alfespa17 linked a pull request Oct 9, 2024 that will close this issue
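
A consistency check for the values shown in the last comment, as an added example that is not part of the issue thread or the Terrakube chart: it lints already-parsed Helm values and reports when external Redis is selected but the TLS variables are missing on either component. The key and variable names are the ones in the YAML above; the rules (including that the executor needs the same variables as the API) and the sample values are assumptions of this example.

```python
# Added example: lint parsed Helm values for the external-Redis TLS settings in this thread.
# Key and env names come from the YAML above; the rules themselves are assumptions.
TRUSTSTORE_VARS = ("TerrakubeRedisTruststorePath", "TerrakubeRedisTruststorePassword")


def env_map(component):
    """Turn a component's env list ([{name, value}, ...]) into a name -> value dict."""
    return {e["name"]: str(e.get("value") or "").strip() for e in component.get("env") or []}


def lint_redis_tls(values):
    """Return a list of findings; an empty list means every check passed."""
    api = values.get("api") or {}
    if api.get("defaultRedis", True):
        return []  # bundled Redis selected, the external TLS settings do not apply
    findings = []
    props = api.get("properties") or {}
    for key in ("redisHostname", "redisPort"):
        if not str(props.get(key) or "").strip():
            findings.append(f"api.properties.{key} is not set")
    # The thread sets the same variables on both components, so check both.
    for name in ("api", "executor"):
        env = env_map(values.get(name) or {})
        if env.get("TerrakubeRedisSSL", "").lower() != "true":
            findings.append(f"{name}: TerrakubeRedisSSL is not 'true'")
        for var in TRUSTSTORE_VARS:
            if not env.get(var):
                findings.append(f"{name}: {var} is not set")
    return findings


# Constructed sample: TLS configured on the API but forgotten on the executor.
SAMPLE = {
    "api": {
        "defaultRedis": False,
        "env": [
            {"name": "TerrakubeRedisSSL", "value": "true"},
            {"name": "TerrakubeRedisTruststorePath", "value": "/path/to/cacerts"},
            {"name": "TerrakubeRedisTruststorePassword", "value": "changeit"},
        ],
        "properties": {"redisHostname": "redis.example.internal", "redisPort": "6380"},
    },
    "executor": {"env": [{"name": "SERVICE_BINDING_ROOT", "value": "/mnt/platform/bindings"}]},
}

if __name__ == "__main__":
    print("\n".join(lint_redis_tls(SAMPLE)) or "ok")
```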