RedisProvider

microgateway.airlock.com/v1alpha1


RedisProvider defines a client configuration for connecting to a Redis database.

```yaml
apiVersion: microgateway.airlock.com/v1alpha1
kind: RedisProvider
metadata:
  name: redis-provider-example
spec:
  mode:
    standalone:
      host: redis.example.com
      port: 1111
  tls: # Enable mTLS with pinned CA for server certificate verification.
    certificateVerification:
      custom:
        trustedCA:
          certificates:
            - secretRef:
                name: ca
    clientCertificate:
      secretRef:
        name: client-certificate
  timeouts:
    connect: 10s
  auth:
    username: user1
    password:
      secretRef:
        name: redis-password
```

RedisProvider

| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| metadata | defines the resource’s metadata | ObjectMeta | yes | | |
| spec | defines the desired Redis client configuration. | object | yes | | |

RedisProvider.spec

| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| auth | specifies the Redis credentials. | object | no | | |
| mode | configures the Redis deployment mode. | object | yes | | cluster{}, sentinel{}, standalone{} |
| timeouts | specifies the timeouts when interacting with the Redis endpoint. | object | no | | |
| tls | defines TLS settings. If not specified, TLS is disabled, i.e. unencrypted TCP is used when connecting to the Redis instance. | object | no | | |

RedisProvider.spec.auth

| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| password | specifies the Redis password. | object | yes | | |
| username | specifies the Redis username to authenticate with. | string | no | default | |

RedisProvider.spec.auth.password

| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| secretRef | selects the secret containing the Redis password under the key ‘redis.password’. | object | yes | | |

RedisProvider.spec.auth.password.secretRef

| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| name | of the resource | string | yes | | |

RedisProvider.spec.mode

| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| cluster | specifies the Redis Cluster to connect to. | object | no | | |
| sentinel | specifies the Redis Sentinels to connect to. | object | no | | |
| standalone | specifies the standalone Redis instance to connect to. | object | no | | |

RedisProvider.spec.mode.cluster

| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| nodes | specifies the Cluster nodes. | object[] | yes | | |

RedisProvider.spec.mode.cluster.nodes[]

| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| host | specifies the IP or hostname. | string | yes | | |
| port | specifies the port. | int64 | no | 6379 | [1, 65535] |

RedisProvider.spec.mode.sentinel

| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| masterName | specifies the master name. | string | yes | | |
| nodes | specifies the Sentinel nodes. | object[] | yes | | |

RedisProvider.spec.mode.sentinel.nodes[]

| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| host | specifies the IP or hostname. | string | yes | | |
| port | specifies the port. | int64 | no | 6379 | [1, 65535] |

RedisProvider.spec.mode.standalone

| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| host | specifies the IP or hostname. | string | yes | | |
| port | specifies the port. | int64 | no | 6379 | [1, 65535] |

RedisProvider.spec.tls

| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| certificateVerification | specifies how the certificate presented by the server is verified. | object | no | publicCAs{...} | custom{}, disabled{}, publicCAs{} |
| clientCertificate | configures client certificate authentication. If not specified, TLS-based client authentication is disabled. | object | no | | |

RedisProvider.spec.tls.certificateVerification

| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| custom | explicitly specifies how the server certificate should be verified. | object | no | | |
| disabled | specifies to trust any certificate without verification. THIS IS INSECURE AND SHOULD ONLY BE USED FOR TESTING. Note: This setting currently also disables TLS SNI. | object | no | | {} |
| publicCAs | specifies to only accept certificates with a SAN matching the host and which are signed by a CA which is either directly or indirectly trusted by any of the root CA certificates shipped with the Airlock Microgateway Session Agent’s base image. | object | no | | {} |

RedisProvider.spec.tls.certificateVerification.custom

| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| trustedCA | defines which CA certificates are trusted. | object | yes | | |

RedisProvider.spec.tls.certificateVerification.custom.trustedCA

| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| certificates | defines the list of secretRefs containing trusted CA certificates. | object[] | yes | | |

RedisProvider.spec.tls.certificateVerification.custom.trustedCA.certificates[]

| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| secretRef | defines the reference to a secret containing one or more CA certificates under the key ‘ca.crt’. | object | yes | | |

RedisProvider.spec.tls.certificateVerification.custom.trustedCA.certificates[].secretRef

| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| name | of the resource | string | yes | | |

RedisProvider.spec.tls.clientCertificate

| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| secretRef | specifies the client certificate to use (secret of type kubernetes.io/tls). | object | yes | | |

RedisProvider.spec.tls.clientCertificate.secretRef

| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| name | of the resource | string | yes | | |

RedisProvider.spec.timeouts

| Field | Description | Type | Required | Default | Allowed Values |
|---|---|---|---|---|---|
| connect | specifies the timeout for establishing a connection. | string (duration) | no | 5s | See link |
| maxDuration | specifies the response timeout. | string (duration) | no | 2s | See link |
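
A pre-deployment check for the security-relevant fields documented above (missing `tls`, `certificateVerification.disabled`, missing `clientCertificate` or `auth`, port range), as an added example that is not part of the Airlock documentation. The function names, finding codes and sample manifests are constructed for illustration; the manifests are written as JSON and trimmed to the fields the check reads.

```python
import json

# Constructed sample manifests; hosts, names and the sentinel master name are made up.
SAMPLES = json.loads("""[
{"kind": "RedisProvider", "metadata": {"name": "plaintext"},
 "spec": {"mode": {"standalone": {"host": "redis.example.com"}}}},
{"kind": "RedisProvider", "metadata": {"name": "no-verify"},
 "spec": {"mode": {"sentinel": {"masterName": "main", "nodes": [
            {"host": "s1.example.com", "port": 26379},
            {"host": "s2.example.com", "port": 70000}]}},
          "tls": {"certificateVerification": {"disabled": {}}},
          "auth": {"password": {"secretRef": {"name": "redis-password"}}}}},
{"kind": "RedisProvider", "metadata": {"name": "pinned-mtls"},
 "spec": {"mode": {"cluster": {"nodes": [{"host": "c1.example.com"}]}},
          "tls": {"certificateVerification": {"custom": {"trustedCA": {
                    "certificates": [{"secretRef": {"name": "ca"}}]}}},
                  "clientCertificate": {"secretRef": {"name": "client-certificate"}}},
          "auth": {"username": "user1", "password": {"secretRef": {"name": "redis-password"}}}}}
]""")

def endpoints(mode):
    """Yield every host/port entry of the configured deployment mode."""
    if "standalone" in mode:
        yield mode["standalone"]
    for kind in ("cluster", "sentinel"):
        yield from mode.get(kind, {}).get("nodes", [])

def audit(manifest):
    """Return finding codes (hypothetical names) for one RedisProvider manifest."""
    spec = manifest.get("spec", {})
    findings = []
    tls = spec.get("tls")
    if tls is None:
        findings.append("tls-missing")  # unencrypted TCP to Redis
    else:
        if "disabled" in (tls.get("certificateVerification") or {}):
            findings.append("verification-disabled")  # any cert trusted, SNI off
        if "clientCertificate" not in tls:
            findings.append("no-client-certificate")  # no TLS client auth
    if "auth" not in spec:
        findings.append("auth-missing")  # no Redis credentials configured
    for ep in endpoints(spec.get("mode", {})):
        port = ep.get("port", 6379)  # documented default
        if not 1 <= port <= 65535:
            findings.append(f"port-out-of-range:{ep.get('host')}:{port}")
    return findings

for m in SAMPLES:
    print(m["metadata"]["name"], audit(m))
```

An empty list means none of these conditions apply; omitting `certificateVerification` while `tls` is set is not flagged because the documented default is `publicCAs`.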