fix: delete redis from bitnami and provide own templates #1267

omrozowicz-splunk · 2025-10-13T12:27:28Z

Description

This PR:

Removes bitnami redis dependency
Upgrade redis version to the newest
Add redis authentication — both plain text and secret

Fixes # (issue)

Type of change

Please delete options that are not relevant.

Dependency update
Refactor/improvement
Breaking change (fix or feature that would cause existing functionality to not work as expected)
This change requires a documentation update

How Has This Been Tested?

TBD

Checklist

My commit message is conventional
I have run pre-commit on all files before creating the PR
I have commented my code, particularly in hard-to-understand areas
I have made corresponding changes to the documentation
I have added tests that prove my fix is effective or that my feature works
New and existing unit tests pass locally with my changes
I have checked my code and corrected any misspellings

charts/splunk-connect-for-snmp/templates/_helpers.tpl

charts/splunk-connect-for-snmp/values.yaml

charts/splunk-connect-for-snmp/templates/redis/redis-standalone-statefulset.yaml

Kawron · 2025-10-16T08:37:57Z

charts/splunk-connect-for-snmp/templates/redis/redis-standalone-statefulset.yaml

+        {{- if .Values.redis.auth.enabled }}
+        env:
+        - name: REDIS_PASSWORD
+          {{- if or .Values.redis.auth.existingSecret }}


"or" with single value

charts/splunk-connect-for-snmp/templates/redis/redis-standalone-statefulset.yaml

Kawron · 2025-10-16T08:51:01Z

charts/splunk-connect-for-snmp/templates/redis/redis-standalone-statefulset.yaml

+        args:
+        - |
+          # Copy config to writable location
+          cp /etc/redis/redis.conf /tmp/redis.conf


Do we need to do this? We shouldn't have to save the password as it is already done in the config map.

And if someone will change the config map, the /etc/redis/redis.conf file will be updated but not the /tmp/redis.conf so for changes to apply the redis container has to be restarted.

So maybe we should stick to the original file, or add to the documentation that the redis has to be restared each time someone changes the config map?

I think in every case when we use secrets this is the scenario that you have to recreate pods in order for them to mount a new secret (same with configmap). I think it is a good idea to add it to the documentation.

The restart requirement can be avoided if in the statefulset's pod tempate we add an annotation that includes a checksum of the configmap's values with something like below:

checksum/config: {{ include (print $.Template.BasePath "templates/redis/redis-config.yaml") . | sha256sum }}

hello @mattk42, thanks for the comment! 😄 I updated the template and tested — it works fine.
But in this case it'd be more beneficial to have such annotation for secrets. The only thing is that then we'd need to include such annotation on almost every pod (as all of them connect to the redis and have redis secret being mounted to it in order to calculate the connection string). Does it make sense? Is this how it should be done? The alternative way is to document that user has to recreate pods after changing secret's value.

Also, it would be difficult to calculate it as we can either have secret created from the /redis-redis-secret.yaml or the secret passed by the redis.auth.existingSecret

Yeah, that would be challenging and would add to the complexity of the chart as a whole. Personally I do really like automating the restarts, but it may not be worth the complexity in this case especially if it does not happen often.

…-tests]

…run-int-tests]

…un-ui-tests]

omrozowicz-splunk requested review from Kawron, ajasnosz and cwadhwani-splunk October 14, 2025 12:56

omrozowicz-splunk marked this pull request as ready for review October 14, 2025 12:57

Kawron suggested changes Oct 16, 2025

View reviewed changes

charts/splunk-connect-for-snmp/templates/_helpers.tpl Outdated Show resolved Hide resolved