  1. Red Hat 3scale API Management
  2. THREESCALE-8404

TLS and ACL support for Redis connection


      Support for an external Redis 6 database was implemented in release 2.11.0 GA (by this RFE), and QE was unable to test TLS because it wasn't documented (at this comment).
      Also, it should be possible to specify user credentials to access the external Redis, which is currently not possible.
      In other words, the implementation that enables customers to use an external Redis database must be improved so that it can be done in a secure way, enabling TLS (with possible certificate validation) and credentials.

      Dev notes

      See this comment for more information on what is required to complete this request. (It doesn't have all the necessary low-level details regarding the code changes required on the backend component, though.)
      Rabbit hole explanation here.

      Release notes

        Porta

      • For those using Redis sentinels, the :name param is now mandatory.

        Apisonator

      • Redis 6+ required
      • TLS and ACL features aren't compatible with Twemproxy

      To Document

      This adds a way to provide a CA certificate for porta to trust: add a file called config/ca_cert.pem. The load sequence is:

      1. Trust the certificate specified by the operator, configured as a secret referenced from a yaml.
      2. If the above is not provided, trust the system certificates installed through update-ca-trust.

      The file ca_cert.pem can contain a single certificate or a bundle, and it'll be loaded by a Ruby OpenSSL::SSL::SSLContext instance: https://rubyapi.org/2.7/o/openssl/ssl/sslcontext#ca_file

      So far this is only used for Redis but it could be extended to other integrations in the future.
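
The load sequence above, sketched as an added example (not porta's or apisonator's own code). The method names and the `ca_file_path` parameter are hypothetical, it assumes the operator-provided CA is available as a PEM file such as config/ca_cert.pem, and the certificates are throwaway ones constructed in-process.

```ruby
require "openssl"
require "tempfile"

# ca_file_path is a hypothetical parameter standing in for config/ca_cert.pem.
def redis_ssl_context(ca_file_path)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER  # reject unverified servers
  ctx.verify_hostname = true                   # also match the server name
  if ca_file_path && File.file?(ca_file_path)
    ctx.ca_file = ca_file_path                 # step 1: single cert or bundle
  else
    store = OpenSSL::X509::Store.new
    store.set_default_paths                    # step 2: system CA certificates
    ctx.cert_store = store
  end
  ctx
end

# True if cert chains to one of the CAs in the PEM file.
def trusted_by_bundle?(ca_file_path, cert)
  store = OpenSSL::X509::Store.new
  store.add_file(ca_file_path)
  store.verify(cert)
end

# Constructed sample data: a throwaway self-signed CA certificate.
def constructed_ca(common_name)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(cert, cert)
  cert.add_extension(ef.create_extension("basicConstraints", "CA:TRUE", true))
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Write the given certificates to a temporary PEM bundle.
def write_bundle(certs)
  file = Tempfile.new(["ca_cert", ".pem"])
  file.write(certs.map(&:to_pem).join)
  file.flush
  file
end
```

A bundle is trusted as a whole: every CA in the file becomes a trust anchor, so the file should contain only the CAs that are meant to sign the Redis server certificate.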

            rh-ee-jlledo Joan Lledo
            rhn-support-eazevedo Ernani Azevedo