Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[charts/redis-ha] Fix redis-cli --tls argument usage #237

Merged
merged 3 commits into from
Mar 2, 2023
Merged

[charts/redis-ha] Fix redis-cli --tls argument usage #237

merged 3 commits into from
Mar 2, 2023

Conversation

terricain
Copy link
Contributor

@terricain terricain commented Oct 24, 2022
edited
Loading

What this PR does / why we need it:

When you run Redis with TLS with authClients set to "no", the fix-split-brain sidecar does not talk to Redis or Sentinel over TLS.
authClients only configures whether or not mutual TLS is required therefore moving the --tls --cacert arguments out of the conditional checking authClients fixes this issue.

Also updated the TLS_CLIENT_OPTION so that --cert and --key are only used if client authentication is required.

Example Helm values snippet 
  redis:
    port: 0

    tlsPort: 6385
    tlsReplication: true
    authClients: "no"

  sentinel:
    # Disable non-TLS port
    port: 0

    tlsPort: 26385
    tlsReplication: true
    authClients: "no"

  tls:
    secretName: cert-redis
    certFile: tls.crt
    keyFile: tls.key
    caCertFile: ca.crt

Which issue this PR fixes

Didn't raise an issue, though I can if it helps.

Checklist

[Place an '[x]' (no spaces) in all applicable fields. Please remove unrelated fields.]

  • DCO signed
  • Chart Version bumped
  • Title of the PR starts with chart name (e.g. [stable/mychartname])

@DandyDeveloper
Copy link
Owner

@terrycain Thank you, LGTM, will be getting a lot of stuff merged today. Sorry for taking so long, lots going on IORL

DandyDeveloper
DandyDeveloper previously approved these changes Mar 2, 2023
View reviewed changes
@DandyDeveloper DandyDeveloper reopened this Mar 2, 2023
@DandyDeveloper DandyDeveloper merged commit 6d8f491 into DandyDeveloper:master Mar 2, 2023
@terricain terricain deleted the fix_redis_tls_script branch March 2, 2023 11:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@DandyDeveloper DandyDeveloper DandyDeveloper approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@terricain @DandyDeveloper