Skip to content

feat(redis-ha-proxy): Configure Redis Ha Proxy TLS settings#1218

Open
akhilnittala wants to merge 1 commit into
redhat-developer:masterfrom
akhilnittala:usr/akhil/GITOPS-10289
Open

feat(redis-ha-proxy): Configure Redis Ha Proxy TLS settings#1218
akhilnittala wants to merge 1 commit into
redhat-developer:masterfrom
akhilnittala:usr/akhil/GITOPS-10289

Conversation

@akhilnittala

Copy link
Copy Markdown
Member

What type of PR is this?
/kind enhancement

What does this PR do / why we need it:
Configure TLS settings for redis ha proxy.
Have you updated the necessary documentation?

  • [*] Documentation update is required by this PR.
  • Documentation has been updated.

Which issue(s) this PR fixes:

Fixes #?
https://redhat.atlassian.net/browse/GITOPS-10289
Test acceptance criteria:

  • Unit Test
  • E2E Test

How to test changes / Special notes to the reviewer:

deploy redis ha proxy pods with ha.enabled to true in argocd CR.

Signed-off-by: akhil nittala <nakhil@redhat.com>
@openshift-ci

openshift-ci Bot commented Jul 15, 2026

Copy link
Copy Markdown

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@openshift-ci

openshift-ci Bot commented Jul 15, 2026

Copy link
Copy Markdown

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign adamsaleh for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@coderabbitai

coderabbitai Bot commented Jul 15, 2026

Copy link
Copy Markdown

Review Change Stack

📝 Walkthrough

Summary by CodeRabbit

  • Bug Fixes
    • Improved TLS configuration for Redis and Sentinel health checks.
    • Ensured encrypted connections are used when TLS is enabled.
    • Added support for minimum TLS versions and separate TLS 1.2 and TLS 1.3 cipher settings.
    • Strengthened certificate verification for upstream connections.

Walkthrough

The HAProxy Redis template adds conditional TLS protocol and cipher configuration. TLS-enabled Sentinel health checks and Redis master backend connections now explicitly use SSL with required certificate verification.

Changes

Redis TLS configuration

Layer / File(s) Summary
TLS protocol and cipher tuning
build/redis/haproxy.cfg.tpl
The UseTLS path conditionally configures the minimum TLS version, TLS 1.2-or-below ciphers, and TLS 1.3 cipher suites.
TLS-enabled Redis and Sentinel upstreams
build/redis/haproxy.cfg.tpl
Sentinel health-check servers and Redis master backend servers add explicit ssl usage while retaining required certificate verification.

Estimated code review effort: 3 (Moderate) | ~15–30 minutes

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly summarizes the main change: configuring TLS settings for Redis HA Proxy.
Description check ✅ Passed The description is directly related to the changeset and correctly describes the TLS configuration update.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@akhilnittala akhilnittala marked this pull request as ready for review July 15, 2026 04:49
@openshift-ci openshift-ci Bot requested review from anandrkskd and wtam2018 July 15, 2026 04:50

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@build/redis/haproxy.cfg.tpl`:
- Around line 11-23: Update the TLS configuration conditional in the HAProxy
template so TLS 1.2 cipher directives use .tlsCiphers while TLS 1.3 cipher-suite
directives use a separate TLS 1.3-formatted value such as .tlsCipherSuites.
Ensure the same cipher string is never rendered for both ssl-default-*-ciphers
and ssl-default-*-ciphersuites, and adjust the surrounding configuration data to
provide the new field.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 57a48a69-e973-4104-981e-e257f8f3e114

📥 Commits

Reviewing files that changed from the base of the PR and between ed6cda4 and 1d3149c.

📒 Files selected for processing (1)
  • build/redis/haproxy.cfg.tpl
🔗 Linked repositories identified

CodeRabbit considers these linked repositories for cross-repo context during reviews:

  • argoproj-labs/argocd-operator (manual)

Comment thread build/redis/haproxy.cfg.tpl
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

kind/enhancement New feature or request

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant