update tlsOptions for external redis (#21681)

Signed-off-by: yminer <miner.yang@broadcom.com> Co-authored-by: yminer <miner.yang@broadcom.com>
2025-04-22 17:59:30 +00:00 · 2025-03-10 19:45:18 +08:00 · 2025-03-10 19:45:18 +08:00 · 3b8c18fd26
commit 3b8c18fd26
parent e40db21681
2 changed files with 4 additions and 3 deletions
--- a/make/harbor.yml.tmpl
+++ b/make/harbor.yml.tmpl
@ -220,7 +220,8 @@ _version: 2.12.0
 #   # mtls for redis connection is not supported
 #   # tls connection will be disable by default 
 #   tlsOptions:
-#   # if the tlsOptions.rootCA has been specified, then tls connection will be enabled.
+#     enable: false
 #   # if it is a self-signed ca, please set the ca path specifically.
 #     rootCA:
 #   # db_index 0 is for core, it's unchangeable
 #   registry_db_index: 1
--- a/make/photon/prepare/utils/configs.py
+++ b/make/photon/prepare/utils/configs.py
@ -356,7 +356,7 @@ def parse_yaml_config(config_file_path, with_trivy):
    return config_dict
 def get_redis_schema(redis=None):
-    if 'tlsOptions' in redis and redis['tlsOptions'].get('rootCA') is not None:
+    if 'tlsOptions' in redis and redis['tlsOptions'].get('enable'):
        return redis.get('sentinel_master_set', None) and 'rediss+sentinel' or 'rediss'
    else:
        return redis.get('sentinel_master_set', None) and 'redis+sentinel' or 'redis'
@ -465,7 +465,7 @@ def get_redis_configs(internal_redis=None, external_redis=None, with_trivy=True)
    if with_trivy:
        configs['trivy_redis_url'] = get_redis_url(redis['trivy_db_index'], redis)
-    if 'tlsOptions' in redis and redis['tlsOptions'].get('rootCA') is not None:
+    if 'tlsOptions' in redis and redis['tlsOptions'].get('enable'):
        configs['redis_custom_tls_ca_path'] = redis['tlsOptions']['rootCA']
    return configs