Merge pull request #256 from akeylesslabs/sra-redis

added redis to sra

charts/akeyless-secure-remote-access/Chart.yaml

@@ -14,7 +14,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 
-version: 1.2.6
+version: 1.3.0
 
 
 appVersion: 2.2.5_1.7.0

charts/akeyless-secure-remote-access/templates/_helpers.tpl

@@ -175,4 +175,18 @@ Get the Ingress TLS secret.
 
 {{- define "akeylessTenantUrl" -}}
 {{- default "akeyless.io" .Values.ztpConfig.akeylessTenantUrl -}}
+{{- end -}}
+
+{{- define "akeyless-zero-trust-portal.storageSecretName" -}}
+        {{ $.Release.Name }}-storage-secret
+{{- end -}}
+
+{{- define "akeyless-zero-trust-portal.redisStorageImage" -}}
+    {{- if .Values.redisStorage.image -}}
+        image: "{{ .Values.redisStorage.image.repository }}:{{ .Values.redisStorage.image.tag }}"
+        imagePullPolicy: {{ .Values.redisStorage.image.pullPolicy }}
+    {{- else }}
+        image: "docker.io/bitnami/redis:6.2"
+        imagePullPolicy: "Always"
+    {{- end -}}
 {{- end -}}

charts/akeyless-secure-remote-access/templates/redisStorage.yaml

@@ -0,0 +1,90 @@
+{{- if .Values.redisStorage.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ template "akeyless-secure-remote-access.fullname" . }}-storage
+  namespace: {{ .Release.Namespace | quote }}
+  labels:
+    name: {{ template "akeyless-secure-remote-access.fullname" . }}-storage
+    component: storage
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      name: {{ template "akeyless-secure-remote-access.fullname" . }}-storage
+  template:
+    metadata:
+      labels:
+        name: {{ template "akeyless-secure-remote-access.fullname" . }}-storage
+        component: storage
+    spec:
+      containers:
+      - name: {{ template "akeyless-secure-remote-access.fullname" . }}-storage
+        {{ include "akeyless-zero-trust-portal.redisStorageImage" $ }}
+        ports:
+          - containerPort: 6379
+            name: storage
+        livenessProbe:
+          exec:
+            command:
+              - sh
+              - -c
+              - |
+                #!/usr/bin/env bash -e
+                export REDISCLI_AUTH="$REDIS_PASSWORD"
+                set_response=$(
+                  redis-cli set liveness_test_key "SUCCESS"
+                )
+                response=$(
+                  redis-cli get liveness_test_key
+                )
+                del_response=$(
+                    redis-cli del liveness_test_key
+                )
+                if [ "$response" != "SUCCESS" ] ; then
+                  echo "Unable to get keys, something is wrong"
+                  echo "$response"
+                  exit 1
+                fi
+          initialDelaySeconds: 5
+          periodSeconds: 5
+        readinessProbe:
+          exec:
+            command:
+              - sh
+              - -c
+              - |
+                #!/usr/bin/env bash -e
+                export REDISCLI_AUTH="$REDIS_PASSWORD"
+                response=$(
+                    redis-cli ping
+                )
+                if [ "$response" != "PONG" ] ; then
+                    echo "Unable to get keys, something is wrong"
+                    echo "$response"
+                    exit 1
+                  fi
+          initialDelaySeconds: 5
+          periodSeconds: 5
+        env:
+          - name: REDIS_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: {{ include "akeyless-zero-trust-portal.storageSecretName" . }}
+                key: storage-pass
+---
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ template "akeyless-secure-remote-access.fullname" . }}-storage-svc
+  labels:
+{{- include "akeyless-secure-remote-access.labels" . | nindent 4 }}
+spec:
+  ports:
+    - port: 6379
+      protocol: TCP
+  selector:
+    name: {{ template "akeyless-secure-remote-access.fullname" . }}-storage
+  type: ClusterIP
+  {{- end }}

charts/akeyless-secure-remote-access/templates/secrets.yaml

@@ -33,4 +33,18 @@ data:
   azure-tenant-id: {{ .Values.ztbConfig.config.rdpRecord.azure.azureTenantId | b64enc | quote }}
   {{- end }}
 {{- end }}
+{{- end }}
+
+{{- if .Values.redisStorage.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ $.Release.Name }}-storage-secret
+type: Opaque
+data:
+  {{- $secretObj := (lookup "v1" "Secret" .Release.Namespace (printf "%s-storage-secret" $.Release.Name) ) | default dict }}
+  {{- $secretData := (get $secretObj "data") | default dict }}
+  # set $storagePassSecret to existing secret data or generate a random one when not exists
+  {{- $storagePassSecret := (get $secretData "storage-pass") | default (randAlphaNum 32 | b64enc) }}
+  storage-pass: {{ $storagePassSecret | quote }}
 {{- end }}

charts/akeyless-secure-remote-access/templates/statefulSet.yaml

@@ -192,6 +192,17 @@ spec:
           - name: no_proxy
             value: {{ .Values.httpProxySettings.no_proxy }}
 {{- end }}
+{{- if .Values.redisStorage.enabled }}
+          - name: USE_CLUSTER_CACHE
+            value: "1"
+          - name: REDIS_ADDR
+            value: {{  include "akeyless-secure-remote-access.fullname" . }}-storage-svc:6379
+          - name: REDIS_PASS
+            valueFrom:
+              secretKeyRef:
+                name: {{ include "akeyless-zero-trust-portal.storageSecretName" . }}
+                key: storage-pass
+{{- end }}
 {{- if .Values.sshConfig.env }}
           {{- toYaml .Values.sshConfig.env | nindent 10 }}
 {{- end }}

charts/akeyless-secure-remote-access/values.yaml

@@ -84,6 +84,10 @@ httpProxySettings:
 deployment:
   labels: {}
 
+redisStorage:
+  enabled: false
+
+
 ####################################################
 ## Default values for akeyless-zero-trust-bastion ##
 ####################################################