grafana / oncall

Developer-friendly incident response with brilliant Slack integration
GNU Affero General Public License v3.0
3.55k stars 294 forks

fix: pass redis SSL config to connection pool #5220

Open tarvip opened 1 month ago

tarvip commented 1 month ago

What this PR does

This fix will pass the SSL config properly to the Redis connection pool. django-redis passes CONNECTION_POOL_KWARGS and not CONNECTION_POOL_CLASS_KWARGS to the connection pool class; the related django-redis code can be seen here.

Also, without this fix, the other settings max_connections and timeout are not passed to the connection pool either.

I had issues with external Redis with in-transit encryption enabled using self-signed certs (Google managed Redis). After changing this I can properly pass the self-signed CA cert to the Redis client using the REDIS_SSL_CA_CERTS env variable.

Which issue(s) this PR closes

There is no issue created for this problem.

CLAassistant commented 1 month ago

CLA assistant check
All committers have signed the CLA.

JNKielmann commented 1 week ago

We are running into the same problem trying to use oncall with a Redis on GCP with in-transit encryption enabled.

tarvip commented 1 week ago

> We are running into the same problem trying to use oncall with a Redis on GCP with in-transit encryption enabled.

We have Grafana OnCall deployed using a Helm chart. As a workaround, I added the following env variable:

env:
  - name: REDIS_URI
    value: "$(REDIS_PROTOCOL)://$(REDIS_USERNAME):$(REDIS_PASSWORD)@$(REDIS_HOST):$(REDIS_PORT)/$(REDIS_DATABASE)?ssl_ca_certs=/mnt/redis-tls/server_ca.pem"

Redis CA cert is mounted to /mnt/redis-tls/server_ca.pem.

It would be nice to get this merged. Created this PR almost a month ago, no feedback so far.
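An added example, not code from OnCall or django-redis: a settings check for the misconfiguration this PR describes, where pool options placed under a look-alike key never reach the pool and the CA bundle is therefore not applied. It assumes a Django `CACHES`-style entry whose `LOCATION` is a single URL string; `audit_redis_cache` and all sample values are hypothetical.

```python
from urllib.parse import parse_qs, urlsplit

# Key django-redis forwards to the pool class, as stated in the PR description.
POOL_KWARGS_KEY = "CONNECTION_POOL_KWARGS"


def audit_redis_cache(alias, cfg):
    """Hypothetical helper: list TLS/pool settings that never reach the pool."""
    findings = []
    options = cfg.get("OPTIONS", {})
    for key, value in options.items():
        # Look-alike keys such as CONNECTION_POOL_CLASS_KWARGS are silently ignored.
        if key.startswith("CONNECTION_POOL") and key.endswith("KWARGS") and key != POOL_KWARGS_KEY:
            dropped = ", ".join(sorted(value)) or "(empty)"
            findings.append(f"{alias}: {key} is ignored, dropping: {dropped}")
    url = urlsplit(cfg.get("LOCATION", ""))
    if url.scheme == "rediss":
        # The CA bundle can arrive via pool kwargs or via the URL query string.
        from_kwargs = options.get(POOL_KWARGS_KEY, {}).get("ssl_ca_certs")
        from_url = parse_qs(url.query).get("ssl_ca_certs", [None])[0]
        if not (from_kwargs or from_url):
            findings.append(f"{alias}: rediss:// but no ssl_ca_certs reaches the pool")
    return findings


# Constructed sample settings; host, port and pool sizes are placeholders.
CA = "/mnt/redis-tls/server_ca.pem"
POOL = {"max_connections": 50, "timeout": 20, "ssl_ca_certs": CA}
URL = "rediss://redis.example.internal:6378/0"
BEFORE = {"LOCATION": URL, "OPTIONS": {"CONNECTION_POOL_CLASS_KWARGS": POOL}}
AFTER = {"LOCATION": URL, "OPTIONS": {"CONNECTION_POOL_KWARGS": POOL}}
WORKAROUND = {"LOCATION": f"{URL}?ssl_ca_certs={CA}", "OPTIONS": {}}

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER), ("workaround", WORKAROUND)):
        for line in audit_redis_cache(name, cfg) or [f"{name}: ok"]:
            print(line)
```

The "before" entry yields two findings (ignored key, no CA reaching the pool); the corrected key and the URL-query workaround both come back clean.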