Merge cluster support #68
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Is there any ETA on this? Would be very useful to have this |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Overview
When I originally contributed this plugin, I thought I had merged the cluster-support branch, looks like I messed this up and it never got into the main branch.
I have now done that as well as added support for primary-secondary and sentinel Redis installations, much more common in production usage than a single Redis server. The change also includes support for persisting credentials to the running servers so that if they crash the credentials are preserved when the Redis server is restarted. Also added is support for the default Redis TLS encryption mode which is mutual TLS.
The upgrade of the Radix package from V3 to V4 made the addition of the different installation easier as the developer had unified access to each of the different installation types.
For anyone using the existing plugin to manage a single Redis server, the only difference would be the need to change the initialization parameter from
host=toprimary_hostandport=toprimary_port=. The existing user will have the the ability to also select mutual-TLS authentication with the Redis server as well as the ability to persist the credentials to the Redis server.I have also added Terraform resources to create all of the various Redis server installation types so that it is easy to test against them. Note they rely on docker bridge networking and will only allow you to test on a Linux server. If needed they can be enhanced to support other development platform through the addition of a HAPROXY server to handle the NAT translations etc.
I believe that these changes are needed as the existing plugin does not support the more complex and highly available Redis installation that you would want to manage with Vault in production.
I have not looked at the impact this has on the Spring Cloud Vault integration. [TBD]
Related Issues/Pull Requests