feat: Improve cluster node discovery with TLS and auth #1067
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
added 2 commits
November 28, 2025 16:15
This commit enhances the service discovery for Redis/Valkey clusters, particularly for those using TLS and authentication. Key changes: - The exporter now caches authentication credentials for dynamically discovered cluster nodes, allowing it to scrape metrics from clusters that require passwords. - The `/discover-cluster-nodes` endpoint now correctly preserves the `rediss://` or `valkeys://` scheme for TLS-enabled clusters. - The discovery handler can now connect to an arbitrary cluster specified by the `target` parameter, making it more flexible. - TLS configuration now includes the server name (SNI), improving security and compatibility. A comprehensive set of tests has been added to validate these new capabilities, including scenarios for: - Discovering and scraping nodes in password-protected clusters. - Discovering and scraping nodes in TLS-enabled clusters. - Handling different URI schemes (`redis://`, `rediss://`, `valkey://`, `valkeys://`).
Owner
|
Thanks for the PR - I'll try to get to reviewing it in the next couple of days.
I just merged the |
Author
|
Now depends on oliver006/docker-valkey-cluster#2 to actually build the test cluster with TLS. I am testing on Apple Silicon so am not able to run the Redis 2.8 and KeyDB containers since they are x86 only. If I remove them from the Makefile options I get 3 failing tests that seem unrelated to my work. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This commit enhances the service discovery for Redis/Valkey clusters, particularly for those using TLS and authentication.
Key changes:
/discover-cluster-nodesendpoint now correctly preserves therediss://orvalkeys://scheme for TLS-enabled clusters.targetparameter, making it more flexible.A comprehensive set of tests has been added to validate these new capabilities, including scenarios for:
redis://,rediss://,valkey://,valkeys://).Note: Depends on oliver006/docker-valkey-cluster#1 to update the
valkey-cluster.tmplfile used by envsubst when building the test cluster.