Skip to content

Commit

Permalink
Update Redis configuration docs with TLS options
Browse files Browse the repository at this point in the history
Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
  • Loading branch information
milosgajdos committed Jul 4, 2024
1 parent a008d36 commit 6d59119
Showing 1 changed file with 22 additions and 2 deletions.
24 changes: 22 additions & 2 deletions docs/content/about/configuration.md
Original file line number Diff line number Diff line change
Expand Up @@ -241,6 +241,11 @@ notifications:
actions:
- pull
redis:
tls:
certificate: /path/to/cert.crt
key: /path/to/key.pem
clientcas:
- /path/to/ca.pem
addrs: [localhost:6379]
password: asecret
db: 0
Expand Down Expand Up @@ -959,12 +964,27 @@ how the registry connects to the `redis` instance.
You should configure Redis with the **allkeys-lru** eviction policy, because the
registry does not set an expiration value on keys.

Under the hood distribution uses [`go-redis`](https://redis.uptrace.dev/) for
redis connectivity and its [`UniversalOptions`](https://pkg.go.dev/github.com/redis/go-redis/v9#UniversalOptions)
Under the hood distribution uses [`go-redis`](https://github.com/redis/go-redis) Go module for
Redis connectivity and its [`UniversalOptions`](https://pkg.go.dev/github.com/redis/go-redis/v9#UniversalOptions)
struct.

You can optionally specify TLS configuration on top of the `UniversalOptions` settings.

Use these settings to configure Redis TLS:

| Parameter | Required | Description |
|-----------|----------|-------------------------------------------------------|
| `certificate` | yes | Absolute path to the x509 certificate file. |
| `key` | yes | Absolute path to the x509 private key file. |
| `clientcas` | no | An array of absolute paths to x509 CA files. |

```yaml
redis:
tls:
certificate: /path/to/cert.crt
key: /path/to/key.pem
clientcas:
- /path/to/ca.pem
addrs: [localhost:6379]
password: asecret
db: 0
Expand Down

0 comments on commit 6d59119

Please sign in to comment.