Remove redis sentinel and add TLS support

aledbf · roboquat · commit c9528c8c3ef2 · 2022-11-04T20:00:09.000+01:00
diff --git a/components/registry-facade-api/go/config/config.go b/components/registry-facade-api/go/config/config.go
@@ -80,10 +80,11 @@ type RedisCacheConfig struct {
 
 	SingleHostAddress string `json:"singleHostAddr,omitempty"`
 
-	MasterName    string   `json:"masterName,omitempty"`
-	SentinelAddrs []string `json:"sentinelAddrs,omitempty"`
-	Username      string   `json:"username,omitempty"`
-	Password      string   `json:"-" env:"REDIS_PASSWORD"`
+	Username string `json:"username,omitempty"`
+	Password string `json:"-" env:"REDIS_PASSWORD"`
+
+	UseTLS             bool `json:"useTLS,omitempty"`
+	InsecureSkipVerify bool `json:"insecureSkipVerify,omitempty"`
 }
 
 type IPFSCacheConfig struct {
diff --git a/components/registry-facade/pkg/registry/registry.go b/components/registry-facade/pkg/registry/registry.go
@@ -6,6 +6,7 @@ package registry
 
 import (
 	"context"
+	"crypto/tls"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
@@ -253,51 +254,29 @@ func NewRegistry(cfg config.Config, newResolver ResolverProvider, reg prometheus
 }
 
 func getRedisClient(cfg *config.RedisCacheConfig) (*redis.Client, error) {
-	if cfg.SingleHostAddress != "" {
-		log.WithField("addr", cfg.SingleHostAddress).WithField("username", cfg.Username).Info("connecting to single Redis host")
-		rdc := redis.NewClient(&redis.Options{
-			Addr:     cfg.SingleHostAddress,
-			Username: cfg.Username,
-			Password: cfg.Password,
-		})
-
-		ctx, cancel := context.WithTimeout(context.Background(), 1*time.Second)
-		defer cancel()
-
-		_, err := rdc.Ping(ctx).Result()
-		if err != nil {
-			return nil, xerrors.Errorf("cannot check Redis connection: %w", err)
-		}
-
-		return rdc, nil
+	if cfg.SingleHostAddress == "" {
+		return nil, xerrors.Errorf("registry-facade setting 'singleHostAddr' is missing")
 	}
 
-	if cfg.MasterName == "" {
-		return nil, fmt.Errorf("redis masterName must not be empty")
-	}
-	if len(cfg.SentinelAddrs) == 0 {
-		return nil, fmt.Errorf("redis sentinelAddrs must not be empty")
+	opts := &redis.Options{
+		Addr:     cfg.SingleHostAddress,
+		Username: cfg.Username,
+		Password: cfg.Password,
 	}
 
-	rdc := redis.NewFailoverClient(&redis.FailoverOptions{
-		MasterName:    cfg.MasterName,
-		SentinelAddrs: cfg.SentinelAddrs,
-		Username:      cfg.Username,
-		Password:      cfg.Password,
-
-		SentinelUsername: cfg.Username,
-		SentinelPassword: cfg.Password,
+	if cfg.UseTLS {
+		opts.TLSConfig = &tls.Config{
+			// golang tls does not support verify certificate without any SANs
+			InsecureSkipVerify: cfg.InsecureSkipVerify,
+		}
+	}
 
-		MaxRetries:      10,
-		MinRetryBackoff: time.Millisecond * 100,
-		MaxRetryBackoff: time.Minute * 1,
-		ReadTimeout:     time.Second * 30,
-		WriteTimeout:    time.Second * 5,
-	})
+	log.WithField("addr", cfg.SingleHostAddress).WithField("tls", cfg.UseTLS).Info("connecting to single Redis host")
 
-	ctx, cancel := context.WithTimeout(context.Background(), 1*time.Second)
+	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
 	defer cancel()
 
+	rdc := redis.NewClient(opts)
 	_, err := rdc.Ping(ctx).Result()
 	if err != nil {
 		return nil, xerrors.Errorf("cannot check Redis connection: %w", err)
diff --git a/install/installer/pkg/components/registry-facade/configmap.go b/install/installer/pkg/components/registry-facade/configmap.go
@@ -38,10 +38,11 @@ func configmap(ctx *common.RenderContext) ([]runtime.Object, error) {
 		if ucfg.Workspace.RegistryFacade.RedisCache.Enabled {
 			cacheCfg := ucfg.Workspace.RegistryFacade.RedisCache
 			redisCache = &regfac.RedisCacheConfig{
-				Enabled:       true,
-				MasterName:    cacheCfg.MasterName,
-				SentinelAddrs: cacheCfg.SentinelAddrs,
-				Username:      cacheCfg.Username,
+				Enabled:            true,
+				SingleHostAddress:  cacheCfg.SingleHostAddress,
+				Username:           cacheCfg.Username,
+				UseTLS:             cacheCfg.UseTLS,
+				InsecureSkipVerify: cacheCfg.InsecureSkipVerify,
 			}
 		}
 
diff --git a/install/installer/pkg/config/v1/experimental/experimental.go b/install/installer/pkg/config/v1/experimental/experimental.go
@@ -92,11 +92,12 @@ type WorkspaceConfig struct {
 			IPFSAddr string `json:"ipfsAddr"`
 		} `json:"ipfsCache"`
 		RedisCache struct {
-			Enabled        bool     `json:"enabled"`
-			MasterName     string   `json:"masterName"`
-			SentinelAddrs  []string `json:"sentinelAddrs"`
-			Username       string   `json:"username"`
-			PasswordSecret string   `json:"passwordSecret"`
+			Enabled            bool   `json:"enabled"`
+			SingleHostAddress  string `json:"singleHostAddr"`
+			Username           string `json:"username"`
+			PasswordSecret     string `json:"passwordSecret"`
+			UseTLS             bool   `json:"useTLS"`
+			InsecureSkipVerify bool   `json:"insecureSkipVerify"`
 		} `json:"redisCache"`
 	} `json:"registryFacade"`
 
