Merge pull request #3161 from bloodorangeio/redis-tls

Add configuration option for Redis TLS
2021-04-23 16:52:54 +01:00 · 2021-04-23 16:52:54 +01:00 · a27b0c4952
commit a27b0c4952
parent 6891d94832 32ccbf193d
3 changed files with 27 additions and 2 deletions
--- a/docs/configuration.md
+++ b/docs/configuration.md
@ -268,6 +268,8 @@ redis:
    maxidle: 16
    maxactive: 64
    idletimeout: 300s
+  tls:
+    enabled: false
 health:
  storagedriver:
    enabled: true
@ -1018,13 +1020,16 @@ redis:
    maxidle: 16
    maxactive: 64
    idletimeout: 300s
+  tls:
+    enabled: false
 ```

 Declare parameters for constructing the `redis` connections. Registry instances
 may use the Redis instance for several applications. Currently, it caches
 information about immutable blobs. Most of the `redis` options control
 how the registry connects to the `redis` instance. You can control the pool's
-behavior with the [pool](#pool) subsection.
+behavior with the [pool](#pool) subsection. Additionally, you can control
+TLS connection settings with the [tls](#tls) subsection (in-transit encryption).

 You should configure Redis with the **allkeys-lru** eviction policy, because the
 registry does not set an expiration value on keys.
@ -1055,6 +1060,20 @@ Use these settings to configure the behavior of the Redis connection pool.
 | `maxactive`| no      | The maximum number of connections which can be open before blocking a connection request. |
 | `idletimeout`| no    | How long to wait before closing inactive connections. |

+### `tls`
+
+```none
+tls:
+  enabled: false
+```
+
+Use these settings to configure Redis TLS.
+
+| Parameter | Required | Description                           |
+|-----------|----------|-------------------------------------- |
+| `enabled` | no       | Whether or not to use TLS in-transit. |
+
+
 ## `health`

 ```none