fix: expose the lighthouse queue redis over PrivateLink#598
Closed
otsybizov wants to merge 1 commit into mainnet-staging from
Pull request overview
Exposes the staging “lighthouse queue” Redis to the backend VPC via AWS PrivateLink, and updates the BullMQ Redis URL parsing to support TLS SNI overrides needed when connecting through a PrivateLink endpoint DNS name.
Changes:
- Add `tlsServername` URL query support in `parseRedisUrl()` and tune Redis connection defaults for BullMQ usage.
- Introduce reusable Terraform PrivateLink modules: a provider-side internal NLB + endpoint service, and a consumer-side interface endpoint + SG.
- Wire the staging core VPC (provider) and staging backend VPC (consumer) together and update `REDIS_URL` to use the endpoint DNS with SNI override.
Reviewed changes
Copilot reviewed 11 out of 11 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| packages/adapters/mqclient/src/index.ts | Adds SNI override support via ?tlsServername= and sets Redis connection defaults. |
| ops/modules/privatelink/provider/variables.tf | Inputs for the provider-side NLB + endpoint service module. |
| ops/modules/privatelink/provider/main.tf | Creates internal NLB targeting resolved IPs and exposes it as a VPC Endpoint Service. |
| ops/modules/privatelink/provider/outputs.tf | Exposes endpoint service name and NLB ARN for consumers/visibility. |
| ops/modules/privatelink/consumer/variables.tf | Inputs for the consumer-side interface endpoint module. |
| ops/modules/privatelink/consumer/main.tf | Provisions interface endpoint + SG to reach the provider’s endpoint service. |
| ops/modules/privatelink/consumer/outputs.tf | Outputs DNS name/id for clients to connect to the interface endpoint. |
| ops/mainnet/staging/core/main.tf | Adds provider module instantiation for lighthouse queue Redis. |
| ops/mainnet/staging/core/outputs.tf | Exposes endpoint service name and Redis connection pieces for backend remote-state consumption. |
| ops/mainnet/staging/backend/main.tf | Adds consumer module instantiation in backend VPC. |
| ops/mainnet/staging/backend/config.tf | Updates REDIS_URL to use PrivateLink endpoint DNS + tlsServername. |
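The SNI override described in the overview above, as an added example that is not the project's `parseRedisUrl()` or any code from this PR. The function name, option shape and sample URL are hypothetical, and it assumes a client that hands `tls.servername` to Node's TLS layer.

```typescript
// Added example; names and sample values are hypothetical, not from the PR.
interface RedisConnOptions {
  host: string;
  port: number;
  password?: string;
  tls?: { servername: string };
}

// SNI carries DNS names only (RFC 6066), so IP literals are rejected.
const IPV4 = /^\d{1,3}(\.\d{1,3}){3}$/;
const DNS_NAME =
  /^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)(\.[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)*$/i;

function parseRedisUrlExample(raw: string): RedisConnOptions {
  const url = new URL(raw);
  const secure = url.protocol === "rediss:";
  if (!secure && url.protocol !== "redis:") {
    throw new Error(`unsupported scheme ${url.protocol}`);
  }
  const opts: RedisConnOptions = {
    host: url.hostname, // where the TCP connection goes (the endpoint DNS name)
    port: url.port ? Number(url.port) : 6379,
  };
  // URL keeps userinfo percent-encoded; decode before handing it to the client.
  if (url.password) opts.password = decodeURIComponent(url.password);

  const override = url.searchParams.get("tlsServername");
  if (override !== null && !secure) {
    throw new Error("tlsServername is only meaningful with rediss://");
  }
  if (secure) {
    // Without an override the connect host doubles as the TLS name.
    const servername = override ?? url.hostname;
    if (IPV4.test(servername) || !DNS_NAME.test(servername)) {
      throw new Error("TLS servername must be a DNS name");
    }
    // Verification is not disabled; only the name sent in SNI is overridden.
    opts.tls = { servername };
  }
  return opts;
}

// Constructed sample: endpoint host, cache host and token are placeholders.
const SAMPLE_URL =
  "rediss://:s3cr%40t@vpce-0example.vpce-svc-0example.us-east-1.vpce.amazonaws.com:6379" +
  "?tlsServername=queue.example.cache.amazonaws.com";
```

The connect host and the TLS name stay separate fields, so the certificate is still checked against the cache's own hostname rather than switching verification off to get past the endpoint DNS name.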
| @@ -0,0 +1,9 @@ | |||
| output "endpoint_dns_name" { | |||
| description = "DNS name of the VPC endpoint — use as the host for cross-VPC clients" | |||
| value = aws_vpc_endpoint.this.dns_entry[0].dns_name | |||
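Review bot: `dns_entry[0]` in the `value` line is taken on trust; nothing in the output says which of the endpoint's DNS entries index 0 is, and the description does not tell clients that the target's TLS certificate will not carry this name. Suggest documenting which entry index 0 is expected to be, and extending the description to say that callers must present the original hostname for TLS (the `tlsServername` override used elsewhere in this PR).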
Comment on lines +4 to +10
| # Service endpoints are typically DNS names; resolve to IP for the NLB target group. | ||
| # NOTE: IPs are resolved at apply-time. If the target service changes IPs | ||
| # (e.g. ElastiCache failover), a re-apply is needed to update NLB targets. | ||
| # Consider scheduling periodic re-applies or alerting on target health. | ||
| data "dns_a_record_set" "target" { | ||
| host = var.target_address | ||
| } |
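Review bot: the stale-target risk in the NOTE above `data "dns_a_record_set" "target"` is left as a "Consider" with nothing enforcing it, so after an IP change the NLB keeps forwarding to the old addresses until someone re-applies. Suggest landing the target-health alert together with this module, or at least linking a tracking issue from the comment, and stating that `var.target_address` has to be resolvable from wherever the apply runs.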
| { name = "DD_API_KEY", value = var.dd_api_key }, | ||
| { name = "CARTOGRAPHER_ADMIN_TOKEN", value = var.cartographer_admin_token }, | ||
| { name = "REDIS_URL", value = data.terraform_remote_state.core.outputs.lighthouse_queue_redis_url }, | ||
| { name = "REDIS_URL", value = "rediss://:${data.terraform_remote_state.core.outputs.lighthouse_queue_redis_auth_token}@${module.lighthouse_queue_privatelink.endpoint_dns_name}:${data.terraform_remote_state.core.outputs.lighthouse_queue_redis_port}?tlsServername=${data.terraform_remote_state.core.outputs.lighthouse_queue_redis_address}" }, |
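Review bot: the auth token is interpolated raw into the userinfo of the `rediss://` URL on the second `REDIS_URL` line, so a token containing `@`, `/`, `?` or `#` yields a URL that parses to the wrong host or password. Suggest wrapping the token in `urlencode(...)` and confirming the parser decodes it. The same line also puts the token into a plain `name`/`value` entry next to `DD_API_KEY` and `CARTOGRAPHER_ADMIN_TOKEN`; if this list has a secret-reference form, the assembled URL belongs there.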
🤖 Linear
Closes CONG-XXX