Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add TLS authentication for redis scaler #1224

Merged
merged 1 commit into from
Sep 25, 2023
Merged

Add TLS authentication for redis scaler #1224

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 10 additions & 0 deletions content/docs/2.12/scalers/redis-cluster-lists.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -62,6 +62,16 @@ You can authenticate by using a password.
- `username` - Redis username to authenticate with.
- `password` - Redis password to authenticate with.

**TLS:**

Parameters used for configuring TLS authentication. Note this can not be used together with `enableTLS` and `unsafeSsl` on the `ScaledObject`, which is used to define using insecure TLS with skipping certificate check.

- `tls` - To enable SSL auth for Redis, set this to `enable`. If not set, TLS for Redis is not used. (Values: `enable`, `disable`, Default: `disable`, Optional)
- `ca` - Certificate authority file for TLS authentication. (Optional)
- `cert` - Certificate for client authentication. (Optional)
- `key` - Key for client authentication. (Optional)
- `keyPassword` - If set the `keyPassword` is used to decrypt the provided `key`. (Optional)

### Example

Here is an example of how to deploy a scaled object with the `redis-cluster` scale trigger which uses `TriggerAuthentication`.
Expand Down
31 changes: 31 additions & 0 deletions content/docs/2.12/scalers/redis-cluster-streams.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -113,6 +113,21 @@ spec:

#### Using `TriggerAuthentication`

**TLS:**

Parameters used for configuring TLS authentication. Note this can not be used together with `enableTLS` and `unsafeSsl` on the `ScaledObject`, which is used to define using insecure TLS with skipping certificate check.

- `tls` - To enable SSL auth for Redis, set this to `enable`. If not set, TLS for Redis is not used. (Values: `enable`, `disable`, Default: `disable`, Optional)
- `ca` - Certificate authority file for TLS authentication. (Optional)
- `cert` - Certificate for client authentication. (Optional)
- `key` - Key for client authentication. (Optional)
- `keyPassword` - If set the `keyPassword` is used to decrypt the provided `key`. (Optional)

**Authentication:**

- `username` - Redis username to authenticate with.
- `password` - Redis password to authenticate with.

You can use `TriggerAuthentication` CRD to configure the authentication. For example:

```yaml
Expand All @@ -124,6 +139,10 @@ type: Opaque
data:
redis_username: <encoded redis username>
redis_password: <encoded redis password>
tls: "enable"
ca: <your ca>
cert: <your cert>
key: <your key>
---
apiVersion: keda.sh/v1alpha1
kind: TriggerAuthentication
Expand All @@ -137,6 +156,18 @@ spec:
- parameter: password
name: redis-streams-auth # name of the Secret
key: redis_password # name of the key in the Secret
- parameter: tls
name: redis-streams-auth
key: tls
- parameter: ca
name: redis-streams-auth
key: ca
- parameter: cert
name: redis-streams-auth
key: cert
- parameter: key
name: redis-streams-auth
key: key
---
apiVersion: keda.sh/v1alpha1
kind: ScaledObject
Expand Down
10 changes: 10 additions & 0 deletions content/docs/2.12/scalers/redis-lists.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -59,6 +59,16 @@ You can authenticate by using a username (optional) and password.
- `host` - The hostname of the Redis server. If specified, the `port` should also be specified.
- `port` - The port of the Redis server. If specified, the `host` should also be specified.

**TLS:**

Parameters used for configuring TLS authentication. Note this can not be used together with `enableTLS` and `unsafeSsl` on the `ScaledObject`, which is used to define using insecure TLS with skipping certificate check.

- `tls` - To enable SSL auth for Redis, set this to `enable`. If not set, TLS for Redis is not used. (Values: `enable`, `disable`, Default: `disable`, Optional)
- `ca` - Certificate authority file for TLS authentication. (Optional)
- `cert` - Certificate for client authentication. (Optional)
- `key` - Key for client authentication. (Optional)
- `keyPassword` - If set the `keyPassword` is used to decrypt the provided `key`. (Optional)

**Authentication:**

- `username` - Redis username to authenticate with.
Expand Down
10 changes: 10 additions & 0 deletions content/docs/2.12/scalers/redis-sentinel-lists.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -75,6 +75,16 @@ You can authenticate by using a password.
- `sentinelUsername` - Redis Sentinel username to authenticate with.
- `sentinelPassword` - Redis Sentinel password to authenticate with.

**TLS:**

Parameters used for configuring TLS authentication. Note this can not be used together with `enableTLS` and `unsafeSsl` on the `ScaledObject`, which is used to define using insecure TLS with skipping certificate check.

- `tls` - To enable SSL auth for Redis, set this to `enable`. If not set, TLS for Redis is not used. (Values: `enable`, `disable`, Default: `disable`, Optional)
- `ca` - Certificate authority file for TLS authentication. (Optional)
- `cert` - Certificate for client authentication. (Optional)
- `key` - Key for client authentication. (Optional)
- `keyPassword` - If set the `keyPassword` is used to decrypt the provided `key`. (Optional)


### Example

Expand Down
31 changes: 31 additions & 0 deletions content/docs/2.12/scalers/redis-sentinel-streams.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -119,6 +119,21 @@ spec:

#### Using `TriggerAuthentication`

**TLS:**

Parameters used for configuring TLS authentication. Note this can not be used together with `enableTLS` and `unsafeSsl` on the `ScaledObject`, which is used to define using insecure TLS with skipping certificate check.

- `tls` - To enable SSL auth for Redis, set this to `enable`. If not set, TLS for Redis is not used. (Values: `enable`, `disable`, Default: `disable`, Optional)
- `ca` - Certificate authority file for TLS authentication. (Optional)
- `cert` - Certificate for client authentication. (Optional)
- `key` - Key for client authentication. (Optional)
- `keyPassword` - If set the `keyPassword` is used to decrypt the provided `key`. (Optional)

**Authentication:**

- `username` - Redis username to authenticate with.
- `password` - Redis password to authenticate with.

You can use `TriggerAuthentication` CRD to configure the authentication. For example:

```yaml
Expand All @@ -130,6 +145,10 @@ type: Opaque
data:
redis_username: <encoded redis username>
redis_password: <encoded redis password>
tls: "enable"
ca: <your ca>
cert: <your cert>
key: <your key>
---
apiVersion: keda.sh/v1alpha1
kind: TriggerAuthentication
Expand All @@ -143,6 +162,18 @@ spec:
- parameter: password
name: redis-streams-auth # name of the Secret
key: redis_password # name of the key in the Secret
- parameter: tls
name: redis-streams-auth
key: tls
- parameter: ca
name: redis-streams-auth
key: ca
- parameter: cert
name: redis-streams-auth
key: cert
- parameter: key
name: redis-streams-auth
key: key
---
apiVersion: keda.sh/v1alpha1
kind: ScaledObject
Expand Down
31 changes: 31 additions & 0 deletions content/docs/2.12/scalers/redis-streams.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -110,6 +110,21 @@ spec:

#### Using `TriggerAuthentication`

**TLS:**

Parameters used for configuring TLS authentication. Note this can not be used together with `enableTLS` and `unsafeSsl` on the `ScaledObject`, which is used to define using insecure TLS with skipping certificate check.

- `tls` - To enable SSL auth for Redis, set this to `enable`. If not set, TLS for Redis is not used. (Values: `enable`, `disable`, Default: `disable`, Optional)
- `ca` - Certificate authority file for TLS authentication. (Optional)
- `cert` - Certificate for client authentication. (Optional)
- `key` - Key for client authentication. (Optional)
- `keyPassword` - If set the `keyPassword` is used to decrypt the provided `key`. (Optional)

**Authentication:**

- `username` - Redis username to authenticate with.
- `password` - Redis password to authenticate with.

You can use `TriggerAuthentication` CRD to configure the authentication. For example:

```yaml
Expand All @@ -121,6 +136,10 @@ type: Opaque
data:
redis_username: <encoded redis username>
redis_password: <encoded redis password>
tls: "enable"
ca: <your ca>
cert: <your cert>
key: <your key>
---
apiVersion: keda.sh/v1alpha1
kind: TriggerAuthentication
Expand All @@ -134,6 +153,18 @@ spec:
- parameter: password
name: redis-streams-auth # name of the Secret
key: redis_password # name of the key in the Secret
- parameter: tls
name: redis-streams-auth
key: tls
- parameter: ca
name: redis-streams-auth
key: ca
- parameter: cert
name: redis-streams-auth
key: cert
- parameter: key
name: redis-streams-auth
key: key
---
apiVersion: keda.sh/v1alpha1
kind: ScaledObject
Expand Down