feat: separate out Redis from the Nautobot deploy

The Nautobot chart shouldn't deploy its own copy of Redis so break that out. This simplifies secret handling of the Redis password by the Nautobot chart as well. The service account is properly created by the Redis chart as well so that can be removed.
rackerlabs · Feb 4, 2024 · 82dbc9c · 82dbc9c
1 parent b11d05a
commit 82dbc9c
Show file tree

Hide file tree

Showing 9 changed files with 61 additions and 408 deletions.
diff --git a/apps/components/kustomization.yaml b/apps/components/kustomization.yaml
@@ -10,5 +10,6 @@ resources:
   - rabbitmq-cluster.yaml
   - memcached.yaml
   - postgres-db.yaml
+  - nautobot-redis.yaml
   - nautobot.yaml
   - keystone.yaml
diff --git a/apps/components/nautobot-redis.yaml b/apps/components/nautobot-redis.yaml
@@ -0,0 +1,16 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: nautobot-redis
+spec:
+  project: understack
+  source:
+    repoURL: https://github.com/rackerlabs/understack.git
+    path: components/08-nautobot-redis/
+    targetRevision: HEAD
+  destination:
+    server: "https://kubernetes.default.svc"
+    namespace: nautobot
+  syncPolicy:
+    automated:
+      selfHeal: true
diff --git a/components/01-secrets/README.md b/components/01-secrets/README.md
@@ -48,7 +48,6 @@ kubectl --namespace nautobot \
     --dry-run \
     -o yaml \
     --type Opaque \
-    --from-literal=NAUTOBOT_REDIS_PASSWORD="$(./scripts/pwgen.sh)" \
     --from-literal=NAUTOBOT_SECRET_KEY="$(./scripts/pwgen.sh)" \
     --from-literal=NAUTOBOT_SUPERUSER_API_TOKEN="$(./scripts/pwgen.sh)" \
     --from-literal=NAUTOBOT_SUPERUSER_PASSWORD="$(./scripts/pwgen.sh)" \
@@ -59,7 +58,7 @@ kubectl --namespace nautobot \
     --dry-run \
     -o yaml \
     --type Opaque \
-    --from-literal=redis-password="$(yq e '.data.NAUTOBOT_REDIS_PASSWORD' secret-nautobot-env.yaml | base64 -d)" \
+    --from-literal=redis-password="$(./scripts/pwgen.sh)" \
     > secret-nautobot-redis.yaml
 ```
 

diff --git a/components/08-nautobot-redis/kustomization.yaml b/components/08-nautobot-redis/kustomization.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+helmGlobals:
+  chartHome: ../../charts/
+helmCharts:
+- name: redis
+  includeCRDs: true
+  namespace: nautobot
+  valuesFile: values.yaml
+  releaseName: nautobot-redis
+  version: 18.12.1
+  repo: https://charts.bitnami.com/bitnami
diff --git a/components/08-nautobot-redis/values.yaml b/components/08-nautobot-redis/values.yaml
@@ -0,0 +1,3 @@
+auth:
+  existingSecret: nautobot-redis
+  existingSecretPasswordKey: redis-password
diff --git a/components/09-nautobot/kustomization.yaml b/components/09-nautobot/kustomization.yaml
@@ -2,9 +2,7 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 
-# the redis chart that Nautobot brings doesn't create this serviceaccount
 resources:
-  - redis-sa.yaml
 # the hack for the helm chart rendered this manually from the branch with
 # the following command:
 # helm template -n nautobot nautobot ./ -f values.yaml > nautobot-helm_2.0.5-plus-password-ref.yaml