New setting to enable TLS connections on redis

openaustralia · Apr 2, 2020 · 26e3320 · 26e3320
1 parent 6e64767
commit 26e3320
Show file tree

Hide file tree

Showing 4 changed files with 20 additions and 2 deletions.
diff --git a/cmd/server/server.go b/cmd/server/server.go
@@ -35,9 +35,14 @@ func main() {
 				AccessKey: getMandatoryEnv("STORE_ACCESS_KEY"),
 				SecretKey: getMandatoryEnv("STORE_SECRET_KEY"),
 			}
+			var tls bool
+			if os.Getenv("REDIS_TLS") == "true" {
+				tls = true
+			}
 			redisOptions := commands.RedisOptions{
 				Address:  getMandatoryEnv("REDIS_HOST"),
 				Password: getMandatoryEnv("REDIS_PASSWORD"),
+				TLS:      tls,
 			}
 			authenticationURL := os.Getenv("AUTHENTICATION_URL")
 			usageURL := os.Getenv("USAGE_URL")

diff --git a/deployments/helm/yinyo/templates/deployment.yaml b/deployments/helm/yinyo/templates/deployment.yaml
@@ -54,6 +54,11 @@ spec:
                 secretKeyRef:
                   name: {{ .Release.Name }}-server-redis
                   key: password
+            - name: REDIS_TLS
+              valueFrom:
+                configMapKeyRef:
+                  name: {{ .Release.Name }}-server-redis
+                  key: tls
             - name: RUN_DOCKER_IMAGE
               valueFrom:
                 configMapKeyRef:

diff --git a/deployments/kubectl/configmap-yinyo-server-redis.yaml b/deployments/kubectl/configmap-yinyo-server-redis.yaml
@@ -4,3 +4,4 @@ metadata:
   name: yinyo-server-redis
 data:
   host: "redis-master:6379"
+  tls: "false"
diff --git a/pkg/commands/commands.go b/pkg/commands/commands.go
@@ -2,6 +2,7 @@ package commands
 
 import (
 	"bytes"
+	"crypto/tls"
 	"encoding/csv"
 	"encoding/json"
 	"errors"
@@ -85,6 +86,7 @@ type MinioOptions struct {
 type RedisOptions struct {
 	Address  string
 	Password string
+	TLS      bool
 }
 
 // New initialises the main state of the application
@@ -100,9 +102,14 @@ func New(startupOptions *StartupOptions) (App, error) {
 	}
 
 	// Connect to redis and initially just check that we can connect
+	var tlsConfig *tls.Config
+	if startupOptions.Redis.TLS {
+		tlsConfig = &tls.Config{}
+	}
 	redisClient := redis.NewClient(&redis.Options{
-		Addr:     startupOptions.Redis.Address,
-		Password: startupOptions.Redis.Password,
+		Addr:      startupOptions.Redis.Address,
+		Password:  startupOptions.Redis.Password,
+		TLSConfig: tlsConfig,
 	})
 	_, err = redisClient.Ping().Result()
 	if err != nil {