From 6d5911900a793318e61324584a144d2b06b40b2b Mon Sep 17 00:00:00 2001 From: Milos Gajdos Date: Thu, 4 Jul 2024 15:44:41 +0100 Subject: [PATCH] Update Redis configuration docs with TLS options Signed-off-by: Milos Gajdos --- docs/content/about/configuration.md | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/docs/content/about/configuration.md b/docs/content/about/configuration.md index 5ed5e22cd..88f1a195d 100644 --- a/docs/content/about/configuration.md +++ b/docs/content/about/configuration.md @@ -241,6 +241,11 @@ notifications: actions: - pull redis: + tls: + certificate: /path/to/cert.crt + key: /path/to/key.pem + clientcas: + - /path/to/ca.pem addrs: [localhost:6379] password: asecret db: 0 @@ -959,12 +964,27 @@ how the registry connects to the `redis` instance. You should configure Redis with the **allkeys-lru** eviction policy, because the registry does not set an expiration value on keys. -Under the hood distribution uses [`go-redis`](https://redis.uptrace.dev/) for -redis connectivity and its [`UniversalOptions`](https://pkg.go.dev/github.com/redis/go-redis/v9#UniversalOptions) +Under the hood distribution uses [`go-redis`](https://github.com/redis/go-redis) Go module for +Redis connectivity and its [`UniversalOptions`](https://pkg.go.dev/github.com/redis/go-redis/v9#UniversalOptions) struct. +You can optionally specify TLS configuration on top of the `UniversalOptions` settings. + +Use these settings to configure Redis TLS: + +| Parameter | Required | Description | +|-----------|----------|-------------------------------------------------------| +| `certificate` | yes | Absolute path to the x509 certificate file. | +| `key` | yes | Absolute path to the x509 private key file. | +| `clientcas` | no | An array of absolute paths to x509 CA files. | + ```yaml redis: + tls: + certificate: /path/to/cert.crt + key: /path/to/key.pem + clientcas: + - /path/to/ca.pem addrs: [localhost:6379] password: asecret db: 0