forked from TrueCloudLab/distribution
Add configuration option for Redis TLS
Signed-off-by: Josh Dolitsky <josh@dolit.ski>
This commit is contained in:
parent
90e62ac24c
commit
32ccbf193d
3 changed files with 27 additions and 2 deletions
|
@ -174,6 +174,11 @@ type Configuration struct {
|
||||||
// DB specifies the database to connect to on the redis instance.
|
// DB specifies the database to connect to on the redis instance.
|
||||||
DB int `yaml:"db,omitempty"`
|
DB int `yaml:"db,omitempty"`
|
||||||
|
|
||||||
|
// TLS configures settings for redis in-transit encryption
|
||||||
|
TLS struct {
|
||||||
|
Enabled bool `yaml:"enabled,omitempty"`
|
||||||
|
} `yaml:"tls,omitempty"`
|
||||||
|
|
||||||
DialTimeout time.Duration `yaml:"dialtimeout,omitempty"` // timeout for connect
|
DialTimeout time.Duration `yaml:"dialtimeout,omitempty"` // timeout for connect
|
||||||
ReadTimeout time.Duration `yaml:"readtimeout,omitempty"` // timeout for reads of data
|
ReadTimeout time.Duration `yaml:"readtimeout,omitempty"` // timeout for reads of data
|
||||||
WriteTimeout time.Duration `yaml:"writetimeout,omitempty"` // timeout for writes of data
|
WriteTimeout time.Duration `yaml:"writetimeout,omitempty"` // timeout for writes of data
|
||||||
|
|
|
@ -268,6 +268,8 @@ redis:
|
||||||
maxidle: 16
|
maxidle: 16
|
||||||
maxactive: 64
|
maxactive: 64
|
||||||
idletimeout: 300s
|
idletimeout: 300s
|
||||||
|
tls:
|
||||||
|
enabled: false
|
||||||
health:
|
health:
|
||||||
storagedriver:
|
storagedriver:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
@ -1018,13 +1020,16 @@ redis:
|
||||||
maxidle: 16
|
maxidle: 16
|
||||||
maxactive: 64
|
maxactive: 64
|
||||||
idletimeout: 300s
|
idletimeout: 300s
|
||||||
|
tls:
|
||||||
|
enabled: false
|
||||||
```
|
```
|
||||||
|
|
||||||
Declare parameters for constructing the `redis` connections. Registry instances
|
Declare parameters for constructing the `redis` connections. Registry instances
|
||||||
may use the Redis instance for several applications. Currently, it caches
|
may use the Redis instance for several applications. Currently, it caches
|
||||||
information about immutable blobs. Most of the `redis` options control
|
information about immutable blobs. Most of the `redis` options control
|
||||||
how the registry connects to the `redis` instance. You can control the pool's
|
how the registry connects to the `redis` instance. You can control the pool's
|
||||||
behavior with the [pool](#pool) subsection.
|
behavior with the [pool](#pool) subsection. Additionally, you can control
|
||||||
|
TLS connection settings with the [tls](#tls) subsection (in-transit encryption).
|
||||||
|
|
||||||
You should configure Redis with the **allkeys-lru** eviction policy, because the
|
You should configure Redis with the **allkeys-lru** eviction policy, because the
|
||||||
registry does not set an expiration value on keys.
|
registry does not set an expiration value on keys.
|
||||||
|
@ -1055,6 +1060,20 @@ Use these settings to configure the behavior of the Redis connection pool.
|
||||||
| `maxactive`| no | The maximum number of connections which can be open before blocking a connection request. |
|
| `maxactive`| no | The maximum number of connections which can be open before blocking a connection request. |
|
||||||
| `idletimeout`| no | How long to wait before closing inactive connections. |
|
| `idletimeout`| no | How long to wait before closing inactive connections. |
|
||||||
|
|
||||||
|
### `tls`
|
||||||
|
|
||||||
|
```none
|
||||||
|
tls:
|
||||||
|
enabled: false
|
||||||
|
```
|
||||||
|
|
||||||
|
Use these settings to configure Redis TLS.
|
||||||
|
|
||||||
|
| Parameter | Required | Description |
|
||||||
|
|-----------|----------|-------------------------------------- |
|
||||||
|
| `enabled` | no | Whether or not to use TLS in-transit. |
|
||||||
|
|
||||||
|
|
||||||
## `health`
|
## `health`
|
||||||
|
|
||||||
```none
|
```none
|
||||||
|
|
|
@ -518,7 +518,8 @@ func (app *App) configureRedis(configuration *configuration.Configuration) {
|
||||||
configuration.Redis.Addr,
|
configuration.Redis.Addr,
|
||||||
redis.DialConnectTimeout(configuration.Redis.DialTimeout),
|
redis.DialConnectTimeout(configuration.Redis.DialTimeout),
|
||||||
redis.DialReadTimeout(configuration.Redis.ReadTimeout),
|
redis.DialReadTimeout(configuration.Redis.ReadTimeout),
|
||||||
redis.DialWriteTimeout(configuration.Redis.WriteTimeout))
|
redis.DialWriteTimeout(configuration.Redis.WriteTimeout),
|
||||||
|
redis.DialUseTLS(configuration.Redis.TLS.Enabled))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
dcontext.GetLogger(app).Errorf("error connecting to redis instance %s: %v",
|
dcontext.GetLogger(app).Errorf("error connecting to redis instance %s: %v",
|
||||||
configuration.Redis.Addr, err)
|
configuration.Redis.Addr, err)
|
||||||
|
|
Loading…
Reference in a new issue