Merge pull request #3161 from bloodorangeio/redis-tls
Add configuration option for Redis TLS
commit
a27b0c4952
3 changed files with 27 additions and 2 deletions
|
@ -174,6 +174,11 @@ type Configuration struct {
|
|||
// DB specifies the database to connect to on the redis instance.
|
||||
DB int `yaml:"db,omitempty"`
|
||||
|
||||
// TLS configures settings for redis in-transit encryption
|
||||
TLS struct {
|
||||
Enabled bool `yaml:"enabled,omitempty"`
|
||||
} `yaml:"tls,omitempty"`
|
||||
|
||||
DialTimeout time.Duration `yaml:"dialtimeout,omitempty"` // timeout for connect
|
||||
ReadTimeout time.Duration `yaml:"readtimeout,omitempty"` // timeout for reads of data
|
||||
WriteTimeout time.Duration `yaml:"writetimeout,omitempty"` // timeout for writes of data
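Review bot: The comment on the new `TLS` field does not tell a deployer what they get with the option on or off. `Enabled` is the only field, so as far as this hunk shows there is nowhere to set a private CA bundle, a client certificate or an expected server name, and the zero value leaves the Redis connection unencrypted. I would say so in the comment, for example `// TLS configures in-transit encryption for the redis connection. It is disabled by default; when enabled, the server certificate is verified with the client library's default settings.` The part about default verification is inferred from the bare `redis.DialUseTLS` call in the app.go hunk and should be confirmed against the library before it is written down. The `Configuration` struct starts and ends outside this hunk.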
|
||||
|
|
|
@ -268,6 +268,8 @@ redis:
|
|||
maxidle: 16
|
||||
maxactive: 64
|
||||
idletimeout: 300s
|
||||
tls:
|
||||
enabled: false
|
||||
health:
|
||||
storagedriver:
|
||||
enabled: true
|
||||
|
@ -1018,13 +1020,16 @@ redis:
|
|||
maxidle: 16
|
||||
maxactive: 64
|
||||
idletimeout: 300s
|
||||
tls:
|
||||
enabled: false
|
||||
```
|
||||
|
||||
Declare parameters for constructing the `redis` connections. Registry instances
|
||||
may use the Redis instance for several applications. Currently, it caches
|
||||
information about immutable blobs. Most of the `redis` options control
|
||||
how the registry connects to the `redis` instance. You can control the pool's
|
||||
behavior with the [pool](#pool) subsection.
|
||||
behavior with the [pool](#pool) subsection. Additionally, you can control
|
||||
TLS connection settings with the [tls](#tls) subsection (in-transit encryption).
|
||||
|
||||
You should configure Redis with the **allkeys-lru** eviction policy, because the
|
||||
registry does not set an expiration value on keys.
|
||||
|
@ -1055,6 +1060,20 @@ Use these settings to configure the behavior of the Redis connection pool.
|
|||
| `maxactive`| no | The maximum number of connections which can be open before blocking a connection request. |
|
||||
| `idletimeout`| no | How long to wait before closing inactive connections. |
|
||||
|
||||
### `tls`
|
||||
|
||||
```none
|
||||
tls:
|
||||
enabled: false
|
||||
```
|
||||
|
||||
Use these settings to configure Redis TLS.
|
||||
|
||||
| Parameter | Required | Description |
|
||||
|-----------|----------|-------------------------------------- |
|
||||
| `enabled` | no | Whether or not to use TLS in-transit. |
|
||||
|
||||
|
||||
## `health`
|
||||
|
||||
```none
|
||||
|
|
|
@ -518,7 +518,8 @@ func (app *App) configureRedis(configuration *configuration.Configuration) {
|
|||
configuration.Redis.Addr,
|
||||
redis.DialConnectTimeout(configuration.Redis.DialTimeout),
|
||||
redis.DialReadTimeout(configuration.Redis.ReadTimeout),
|
||||
redis.DialWriteTimeout(configuration.Redis.WriteTimeout))
|
||||
redis.DialWriteTimeout(configuration.Redis.WriteTimeout),
|
||||
redis.DialUseTLS(configuration.Redis.TLS.Enabled))
|
||||
if err != nil {
|
||||
dcontext.GetLogger(app).Errorf("error connecting to redis instance %s: %v",
|
||||
configuration.Redis.Addr, err)
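Review bot: `redis.DialUseTLS(configuration.Redis.TLS.Enabled)` is the only TLS-related dial option added here, so the minimum protocol version and the trust roots are left to the redis client package's defaults. If the package in use offers it (redigo does), passing an explicit config next to it, `redis.DialTLSConfig(&tls.Config{MinVersion: tls.VersionTLS12}),`, would pin the protocol floor in the registry's own code. It would also give a later CA or client-certificate setting a place to plug in. That needs `crypto/tls` imported in this file. The body of `configureRedis` starts and ends outside the hunk, so the rest of the dial call is not visible here.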
|
||||
|
|