External redis+sentinel NOAUTH when using just redis.external.existingSecret

[Kajot-dev]

Overview

I have Harbor configured with external redis+sentinel
Setting just the redis.external.password (and NOT setting redis.external.password ) field (in the values.yaml) applies the password to the registry and chartmuseum components only, while harbor core fails to PING redis+sentinel with NOAUTH: Authentication required.

To put it simply: Redis password is NOT injected in the Redis connection url if only the redis.external.existingSecret is set

Potentially some resource lookup with helm or some comment (in the values.yaml) explaining that regardless of the redis.external.existingSecret, redis.external.password must be set would be better than nothing (but not perfect ofc).

To reproduce

1. Have external redis with authentication enabled
2. Create secret with redis pasword
3. Use that secret in the redis.external.existingSecret field
4. Do NOT set the redis.external.password (you're using exisitng secret, right?)
5. Deploy harbor from helm chart
6. See harbor core crashing while trying to PING redis

Tested with redis+sentinel deployed with: https://github.com/bitnami/charts/tree/main/bitnami/redis

Expected behaviour

Harbor successfully connects to the Redis database using password from the existing secret

Another small thing is that redis url with the plaintext password is stored inside a ConfigMap and not a Secret (provided redis.external.password is set)

[zyyw]

This PR might be able to resolve this issue:

• Allow usage of existingSecret for database #1326

[ScionOfDesign]

I ran into this issue as well. It's super annoying, as Redis is the only secret that does not yet have the ability to be external.

[rgarcia89]

Ran into that issue as well... quite annoying

[github-actions]

This issue is being marked stale due to a period of inactivity. If this issue is still relevant, please comment or remove the stale label. Otherwise, this issue will close in 30 days.