
Add configuration option for Redis TLS

Signed-off-by: Josh Dolitsky <josh@dolit.ski>
Josh Dolitsky 2021-03-01 18:55:56 -05:00
parent 90e62ac24c
commit 32ccbf193d
No known key found for this signature in database
GPG Key ID: B2B93673243A65FB
3 changed files with 27 additions and 2 deletions

@ -174,6 +174,11 @@ type Configuration struct {
// DB specifies the database to connect to on the redis instance. // DB specifies the database to connect to on the redis instance.
DB int `yaml:"db,omitempty"` DB int `yaml:"db,omitempty"`
// TLS configures settings for redis in-transit encryption
TLS struct {
Enabled bool `yaml:"enabled,omitempty"`
} `yaml:"tls,omitempty"`
DialTimeout time.Duration `yaml:"dialtimeout,omitempty"` // timeout for connect DialTimeout time.Duration `yaml:"dialtimeout,omitempty"` // timeout for connect
ReadTimeout time.Duration `yaml:"readtimeout,omitempty"` // timeout for reads of data ReadTimeout time.Duration `yaml:"readtimeout,omitempty"` // timeout for reads of data
WriteTimeout time.Duration `yaml:"writetimeout,omitempty"` // timeout for writes of data WriteTimeout time.Duration `yaml:"writetimeout,omitempty"` // timeout for writes of data
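Review bot: The new `TLS` struct carries only `Enabled`, and the comment on it should say what that implies for verification: the only dial option wired up is `redis.DialUseTLS(configuration.Redis.TLS.Enabled)` (the app.go hunk at -518), with no `DialTLSConfig` alongside it, so the connection presumably falls back to the dialer's default TLS configuration (server certificate checked against the system trust store, server name taken from `addr`) and there is no way to point at a private CA or present a client certificate. Suggest expanding the comment to `// TLS configures settings for redis in-transit encryption. When enabled, the dialer's` / `// default TLS configuration is used (certificate verified against the system trust store);` / `// a custom CA or client certificate cannot be configured here.` Confirm the default-config behaviour against the redigo version pinned in the module file before committing to that wording. The enclosing `Configuration` struct starts and ends outside the hunk.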

@ -268,6 +268,8 @@ redis:
maxidle: 16 maxidle: 16
maxactive: 64 maxactive: 64
idletimeout: 300s idletimeout: 300s
tls:
enabled: false
health: health:
storagedriver: storagedriver:
enabled: true enabled: true
@ -1018,13 +1020,16 @@ redis:
maxidle: 16 maxidle: 16
maxactive: 64 maxactive: 64
idletimeout: 300s idletimeout: 300s
tls:
enabled: false
``` ```
Declare parameters for constructing the `redis` connections. Registry instances Declare parameters for constructing the `redis` connections. Registry instances
may use the Redis instance for several applications. Currently, it caches may use the Redis instance for several applications. Currently, it caches
information about immutable blobs. Most of the `redis` options control information about immutable blobs. Most of the `redis` options control
how the registry connects to the `redis` instance. You can control the pool's how the registry connects to the `redis` instance. You can control the pool's
behavior with the [pool](#pool) subsection. behavior with the [pool](#pool) subsection. Additionally, you can control
TLS connection settings with the [tls](#tls) subsection (in-transit encryption).
You should configure Redis with the **allkeys-lru** eviction policy, because the You should configure Redis with the **allkeys-lru** eviction policy, because the
registry does not set an expiration value on keys. registry does not set an expiration value on keys.
@ -1055,6 +1060,20 @@ Use these settings to configure the behavior of the Redis connection pool.
| `maxactive`| no | The maximum number of connections which can be open before blocking a connection request. | | `maxactive`| no | The maximum number of connections which can be open before blocking a connection request. |
| `idletimeout`| no | How long to wait before closing inactive connections. | | `idletimeout`| no | How long to wait before closing inactive connections. |
### `tls`
```none
tls:
enabled: false
```
Use these settings to configure Redis TLS.
| Parameter | Required | Description |
|-----------|----------|-------------------------------------- |
| `enabled` | no | Whether or not to use TLS in-transit. |
## `health` ## `health`
```none ```none

@ -518,7 +518,8 @@ func (app *App) configureRedis(configuration *configuration.Configuration) {
configuration.Redis.Addr, configuration.Redis.Addr,
redis.DialConnectTimeout(configuration.Redis.DialTimeout), redis.DialConnectTimeout(configuration.Redis.DialTimeout),
redis.DialReadTimeout(configuration.Redis.ReadTimeout), redis.DialReadTimeout(configuration.Redis.ReadTimeout),
redis.DialWriteTimeout(configuration.Redis.WriteTimeout)) redis.DialWriteTimeout(configuration.Redis.WriteTimeout),
redis.DialUseTLS(configuration.Redis.TLS.Enabled))
if err != nil { if err != nil {
dcontext.GetLogger(app).Errorf("error connecting to redis instance %s: %v", dcontext.GetLogger(app).Errorf("error connecting to redis instance %s: %v",
configuration.Redis.Addr, err) configuration.Redis.Addr, err)