From 9aef0b0be6ddbb787c5d75a0c9130feffc2a46a6 Mon Sep 17 00:00:00 2001 From: Yi Cheng <74173148+iycheng@users.noreply.github.com> Date: Mon, 24 Oct 2022 23:32:23 +0000 Subject: [PATCH 1/3] up --- docs/guidance/gcs-ft.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/docs/guidance/gcs-ft.md b/docs/guidance/gcs-ft.md index 815fce0fd06..d987659969f 100644 --- a/docs/guidance/gcs-ft.md +++ b/docs/guidance/gcs-ft.md @@ -67,6 +67,16 @@ Also, you can specify a storage namespace for your Ray cluster by using an annot An example can be found at [ray-cluster.external-redis.yaml](https://github.com/ray-project/kuberay/blob/master/ray-operator/config/samples/ray-cluster.external-redis.yaml) +To use SSL/TLS in the connection, the following environment variables are needed: + +- `RAY_REDIS_CA_CERT` The location of the CA certificate (optional) +- `RAY_REDIS_CA_PATH` Path of trusted certificates (optional) +- `RAY_REDIS_CLIENT_CERT` File name of client certificate file (optional) +- `RAY_REDIS_CLIENT_KEY` File name of client private key (optional) +- `RAY_REDIS_SERVER_NAME` Server name to request (SNI) (optional) + +Besides, `rediss://` should be added as the prefix of the redis address. + #### KubeRay Operator Controller KubeRay Operator controller watches for new `Event` reconcile call. If this Event object is to notify the failed readiness probe, From 1d1a3cf4ba571d0de0d6de030196da8380fed3a1 Mon Sep 17 00:00:00 2001 From: Yi Cheng <74173148+iycheng@users.noreply.github.com> Date: Mon, 24 Oct 2022 23:33:54 +0000 Subject: [PATCH 2/3] up --- docs/guidance/gcs-ft.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/guidance/gcs-ft.md b/docs/guidance/gcs-ft.md index d987659969f..b03c5ff9644 100644 --- a/docs/guidance/gcs-ft.md +++ b/docs/guidance/gcs-ft.md @@ -75,7 +75,7 @@ To use SSL/TLS in the connection, the following environment variables are needed - `RAY_REDIS_CLIENT_KEY` File name of client private key (optional) - `RAY_REDIS_SERVER_NAME` Server name to request (SNI) (optional) -Besides, `rediss://` should be added as the prefix of the redis address. +Besides, `rediss://` should be added as the prefix of the redis address. Ray 2.2 is needed for this feature. #### KubeRay Operator Controller From fecc0217d73cbf7b812c29135f347746a4632735 Mon Sep 17 00:00:00 2001 From: Yi Cheng <74173148+iycheng@users.noreply.github.com> Date: Mon, 24 Oct 2022 16:44:08 -0700 Subject: [PATCH 3/3] Update docs/guidance/gcs-ft.md Co-authored-by: Simon Mo Signed-off-by: Yi Cheng <74173148+iycheng@users.noreply.github.com> --- docs/guidance/gcs-ft.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/guidance/gcs-ft.md b/docs/guidance/gcs-ft.md index b03c5ff9644..a49b7a9e254 100644 --- a/docs/guidance/gcs-ft.md +++ b/docs/guidance/gcs-ft.md @@ -67,7 +67,9 @@ Also, you can specify a storage namespace for your Ray cluster by using an annot An example can be found at [ray-cluster.external-redis.yaml](https://github.com/ray-project/kuberay/blob/master/ray-operator/config/samples/ray-cluster.external-redis.yaml) -To use SSL/TLS in the connection, the following environment variables are needed: +To use SSL/TLS in the connection, you add `rediss://` as the prefix of the redis address instead of the `redis://` prefix. This feature is only available in Ray 2.2 and above. + +You can also specify additional environment variables in the head pod to customize the SSL configuration: - `RAY_REDIS_CA_CERT` The location of the CA certificate (optional) - `RAY_REDIS_CA_PATH` Path of trusted certificates (optional) @@ -75,7 +77,6 @@ To use SSL/TLS in the connection, the following environment variables are needed - `RAY_REDIS_CLIENT_KEY` File name of client private key (optional) - `RAY_REDIS_SERVER_NAME` Server name to request (SNI) (optional) -Besides, `rediss://` should be added as the prefix of the redis address. Ray 2.2 is needed for this feature. #### KubeRay Operator Controller