Registry: add redis rate-limiter connection settings

Jaime Martinez requested to merge registry-redis-rate-limiter into master

What does this MR do?

The container registry has recently added connection settings for a new Redis instance that will be used for rate-limiting purposes https://gitlab.com/gitlab-org/container-registry/-/issues/1254+.

We now need to expose these settings on the Registry chart to allow configuring the connection.

This MR does not contain any behavioral configuration of the rate-limiting itself. That will be included later once we work out more of the details for https://gitlab.com/groups/gitlab-org/-/epics/13237+.

Once this change is merged, we will test the connection to the newly provisioned Redis cluster on pre https://gitlab.com/gitlab-com/gl-infra/scalability/-/issues/3473+.

Related issues

Related to https://gitlab.com/gitlab-org/container-registry/-/issues/1278+

Testing

  1. Using gitlab.redis.password.secret:

Contents of values.yaml

registry:
  redis:
    rateLimiter:
      enabled: true
      password:
        enabled: true
      username: registry
      db: 0
      dialtimeout: 10ms
      readtimeout: 10ms
      writetimeout: 10ms
      tls:
        enabled: true
        insecure: true
      pool:
        size: 10
        maxlifetime: 1h
        idletimeout: 300s
  1. Wait for the deployment and shell into the registry.
  2. Tail the registry logs and look for a message similar to:
{"go_version":"go1.22.4","instance_id":"f6d778a3-960f-43fb-9174-a9566d968e7d","level":"info","msg":"redis rate-limiter configured successfully","service":"registry","time":"2024-06-19T06:27:52.570Z","version":"v4.5.0-gitlab"}

Additionally, you can verify that the settings propagated correctly to the registry settings:

  1. Shell into the registry container in the pod
  2. Check the registry config file
cat /etc/docker/registry/config.yml
...
redis:
  ratelimiter:
    enabled: true
    addr: "gitlab-redis-master.default.svc:6379"
    username: registry
    password: "<REDACTED>"
    db: 0
    dialtimeout: 10ms
    readtimeout: 10ms
    writetimeout: 10ms
    tls:
      enabled: true
      insecure: true
    pool:
      size: 10
      maxlifetime: 1h
      idletimeout: 300s

  2. Using a custom secret:

  1. Create a new secret, for example:
 kubectl create secret generic my-custom-redis-pass \
  --from-literal=password='thisisacustompassword'
  2. Replace the secret and key with the custom secret name in your values.yaml file
registry:
  redis:
    rateLimiter:
      enabled: true
      password:
        enabled: true
        secret: "my-custom-redis-pass"
        key: password
  3. Trigger deployment and check that passwords match inside the registry's config file in the container
tail -5 /etc/docker/registry/config.yml
redis:
  ratelimiter:
    enabled: true
    addr: "gitlab-redis-master.default.svc:6379"
    password: "thisisacustompassword"

Author checklist

For general guidance, please follow our Contributing guide.

Required

For anything in this list which will not be completed, please provide a reason in the MR discussion.

  • Merge Request Title and Description are up to date, accurate, and descriptive.
  • MR targeting the appropriate branch.
  • MR has a green pipeline.
  • Documentation created/updated.
  • Tests added/updated, and test plan for scenarios not covered by automated tests.
  • [-] Equivalent MR/issue for omnibus-gitlab opened.

Reviewers checklist

Edited by Jaime Martinez
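
The two manual checks from the Testing section (the success log line and the rendered redis.ratelimiter block), as an added Python example that is not part of the MR or the chart. It assumes tls.insecure: true relaxes verification of the Redis server's certificate; the sample inputs and the finding names are constructed for illustration.

```python
import json

SUCCESS_MSG = "redis rate-limiter configured successfully"  # message quoted in the MR
# Constructed sample inputs, modelled on the output shown in the MR description.
SAMPLE_LOGS = ["starting registry",  # non-JSON noise
               '{"level":"info","msg":"redis rate-limiter configured successfully"}']
SAMPLE_CONFIG = """\
redis:
  ratelimiter:
    addr: "gitlab-redis-master.default.svc:6379"
    password: "<REDACTED>"
    tls:
      enabled: true
      insecure: true
"""

def rate_limiter_configured(log_lines):
    """True if any JSON log line carries the success message."""
    for line in log_lines:
        try:
            if json.loads(line).get("msg") == SUCCESS_MSG:
                return True
        except (ValueError, AttributeError):
            continue  # not a JSON object, ignore
    return False

def flatten(text):
    """Flatten nested 'key: value' lines into dotted paths (not a full YAML parser)."""
    flat, stack = {}, []  # stack holds (indent, key) for the current path
    for raw in (ln for ln in text.splitlines() if ":" in ln):
        indent = len(raw) - len(raw.lstrip())
        key, _, value = raw.strip().partition(":")
        while stack and stack[-1][0] >= indent:
            stack.pop()
        stack.append((indent, key))
        if value.strip():
            flat[".".join(k for _, k in stack)] = value.strip().strip('"')
    return flat

def review(flat, prefix="redis.ratelimiter"):
    """Return finding names (hypothetical labels) for the rate-limiter Redis connection."""
    get = lambda k: flat.get(prefix + "." + k, "")
    findings = []
    if get("tls.enabled") != "true":
        findings.append("tls-disabled")   # Redis AUTH password would travel unencrypted
    elif get("tls.insecure") == "true":
        findings.append("tls-insecure")   # assumption: relaxes server certificate checks
    if not get("password"):
        findings.append("no-password")
    return findings
```

Run against the test values shown above, review() reports tls-insecure, which is the setting to revisit before the same values are reused outside a test cluster.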