Open tarvip opened 1 month ago
We are running into the same problem trying to use oncall with a Redis on GCP with in-transit encryption enabled.
We are running into the same problem trying to use oncall with a Redis on GCP with in-transit encryption enabled.
We have Grafana OnCall deployed using a Helm chart. As a workaround, I added the following env variable:
env:
- name: REDIS_URI
value: "$(REDIS_PROTOCOL)://$(REDIS_USERNAME):$(REDIS_PASSWORD)@$(REDIS_HOST):$(REDIS_PORT)/$(REDIS_DATABASE)?ssl_ca_certs=/mnt/redis-tls/server_ca.pem"
Redis CA cert is mounted to /mnt/redis-tls/server_ca.pem
.
It would be nice to get this merged. Created this PR almost a month ago, no feedback so far.
What this PR does
This fix will pass SSL config properly to redis connection pool. django-redis passes
CONNECTION_POOL_KWARGS
and notCONNECTION_POOL_CLASS_KWARGS
to connection pool class, related django-redis code can be seen here.Also, without this fix other settings
max_connections
andtimeout
are also not passed to connection pool.I had issues with external Redis with in-transit encryption enabled using self-signed certs (Google managed Redis). After changing this I can properly pass self-signed CA cert to redis client using
REDIS_SSL_CA_CERTS
env variable.Which issue(s) this PR closes
There is no issue created for this problem.
Checklist
pr:no public docs
PR label added if not required)release:
). These labels dictate how your PR will show up in the autogenerated release notes.