Gitlab Redis Password

Background:

Gitlab bundled uses a secret with the password to access the redis server. If not created when gitlab is installed, gitlab will create the gitlab-redis-secret secret with a random password.

To support the Redis datasource within Grafana, we need the password. The recent BB changes allow us to set the password with addon.gitlab.redis.password (set when password is not ""). When this is set, during a clean install, bb will create the gitlab-redis-secret for gitlab (since the secret exists, gitlab grab the value and init redis with the bb-created secret). The password is passed to the grafana-sc-datasources container to create the datasource.

Issue:

For an existing gitlab installation, if a user sets the addon.gitlab.redis.password, BB will try to create the secret, but it will fail, since it already exists. To use the existing password for gitlab redis, we could do something like this to get the current password, save it to a file, and delete the existing secret. The BB upgrade will then work:

$ kubectl -n gitlab get secret gitlab-redis-secret -o yaml | tee  gitlab-redis-secret.yaml
$ kubectl -n gitlab get secret gitlab-redis-secret -o jsonpath="{ .data.secret }" | base64 -d
$ kubectl -n gitlab delete secret gitlab-redis-secret

See if there's a better way to handle this.

• warn of this situation with a NOTES warning
• don't try to install the gitlab-redis-secret (but this would break clean installs)
• detect the condition somehow and handle it better
• disable the gitlab password all-together (how would existing install handle this)
• other options

Solution:

Determined if we create the secret with a new name, we won't have an install name conflict with the existing gitlab-created secret. We'll only create the new secret and then point gitlab to the new secret when a password is set.