
Issues setting ACL rules for Redis with Bitnami Helm Chart on Kubernetes


I am trying to set up Redis (version 6.2.7) to use an ACL file, but whenever I try to load this file in the server configuration, the process crashes at startup without errors. I am trying to do this on Kubernetes and I am using the Bitnami Helm chart package (version 16.13.2).

As the Chart does not explicitly support setting custom ACL rules, I came up with a workaround: I have mounted an acl file as an extraVolume (from a k8s secret) on /etc/redis/acl-file.conf.

My aclfile looks like this:

user foo +@all ~* on >somepassword
user bar +@all -@dangerous on >someotherpassword 

I referenced it in the Redis configuration file and loaded it with the aclfile directive:

commonConfiguration: |-
  # Enable appendonly file
  appendonly yes
  # Disable rdb persistence
  save ""
  aclfile /etc/redis/acl-file.conf

Unfortunately this attempt does not work and makes the server crash.

I have also set a "root" password with the auth Chart property:

auth:
  enabled: true
  password: rootpassword

This last authentication works but unfortunately has no access restrictions whatsoever.

Can anyone give me a hint on how to solve this issue? Thanks


Solution

  • I think that the healthcheck fails because it does not have access anymore. You need to provide the password for the default user both in the values of the Helm Chart and in the ACL file. For me the following works:

    values.yaml:

    architecture: standalone
    auth:
      password: abc-insecure
    master:
      persistence:
        enabled: false
      extraVolumes:
      - name: redis-acl-list
        secret:
          secretName: redis-acl-list
      extraVolumeMounts:
      - name: redis-acl-list
        readOnly: true
        subPath: users.acl
        mountPath: "/etc/redis/users.acl"
    commonConfiguration:
      aclfile /etc/redis/users.acl
    

    secret for ACL file:

    apiVersion: v1
    kind: Secret
    metadata:
      name: redis-acl-list
    type: Opaque
    stringData:
      users.acl: |
        user default on ~* &* +@all >abc-insecure
        user worker +@list +@connection ~jobs:* on >ffa9203c493aa99
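
A pre-deploy check for the point made in the answer above, as an added example that is not part of the original answer or the Bitnami chart: it parses a `users.acl` file and reports why a probe would be rejected. It assumes the probe authenticates as `default` with the chart's `auth.password` and sends PING; `parse_acl` and `check_default_user` are hypothetical helper names, and the sample ACL text is constructed from the answer.

```python
import hashlib

# Constructed sample: the users.acl content from the answer above.
SAMPLE_ACL = """\
user default on ~* &* +@all >abc-insecure
user worker +@list +@connection ~jobs:* on >ffa9203c493aa99
"""

# Rules that grant or revoke PING (PING belongs to @fast and @connection).
PING_GRANTS = {"+@all", "allcommands", "+ping", "+@connection", "+@fast"}
PING_DENIES = {"-@all", "nocommands", "-ping", "-@connection", "-@fast"}

def parse_acl(text):
    """Return {username: [rule tokens]} for every 'user <name> <rules...>' line."""
    users = {}
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) >= 2 and tokens[0] == "user":
            users[tokens[1]] = tokens[2:]
    return users

def check_default_user(acl_text, chart_password):
    """Return reasons a probe doing AUTH as 'default' + PING would be rejected."""
    rules = parse_acl(acl_text).get("default")
    if rules is None:
        return ["ACL file has no 'default' user line"]
    enabled = nopass = can_ping = False
    hashes = set()  # SHA-256 hex digests of the passwords the user accepts
    for rule in rules:  # Redis applies ACL rules left to right
        if rule in ("on", "off"):
            enabled = rule == "on"
        elif rule == "nopass":
            nopass, hashes = True, set()
        elif rule == "resetpass":
            nopass, hashes = False, set()
        elif rule.startswith(">"):   # cleartext password
            nopass = False
            hashes.add(hashlib.sha256(rule[1:].encode()).hexdigest())
        elif rule.startswith("#"):   # password given as SHA-256 hex
            nopass = False
            hashes.add(rule[1:].lower())
        elif rule in PING_GRANTS or rule in PING_DENIES:
            can_ping = rule in PING_GRANTS
    problems = []
    if not enabled:
        problems.append("default user is off")
    wanted = hashlib.sha256(chart_password.encode()).hexdigest()
    if not nopass and wanted not in hashes:
        problems.append("default user password differs from auth.password")
    if not can_ping:
        problems.append("default user cannot run PING")
    return problems
```

An empty list means the `default` line and `auth.password` agree; the check does not model password removal (`<password`) or selectors.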