fix: expose the lighthouse queue redis over PrivateLink#600
Merged
liu-zhipeng merged 1 commit intomainnet-stagingfrom Mar 18, 2026
Merged
fix: expose the lighthouse queue redis over PrivateLink#600liu-zhipeng merged 1 commit intomainnet-stagingfrom
liu-zhipeng merged 1 commit intomainnet-stagingfrom
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
This PR enables the backend VPC (cartographer-handler) to reach the lighthouse queue Redis in the core VPC via AWS PrivateLink, and updates the mqclient Redis URL parsing to support TLS SNI override required for PrivateLink TLS verification.
Changes:
- Extend
parseRedisUrlto support?tlsServername=...for TLS SNI and add standard Redis connection retry/timeout settings. - Add reusable Terraform PrivateLink modules (
providerNLB + endpoint service,consumerinterface endpoint + SG). - Wire the modules into mainnet staging core/backend and update
REDIS_URLto use the PrivateLink endpoint DNS.
Reviewed changes
Copilot reviewed 11 out of 11 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| packages/adapters/mqclient/src/index.ts | Adds TLS SNI override via URL param and standard ioredis connection options. |
| ops/modules/privatelink/provider/variables.tf | Defines inputs for the PrivateLink provider module (NLB + endpoint service). |
| ops/modules/privatelink/provider/main.tf | Implements provider-side NLB, target group attachments via DNS A records, and endpoint service. |
| ops/modules/privatelink/provider/outputs.tf | Exposes endpoint service name and NLB ARN for consumers. |
| ops/modules/privatelink/consumer/variables.tf | Defines inputs for the consumer interface endpoint module. |
| ops/modules/privatelink/consumer/main.tf | Creates interface endpoint and associated security group rules. |
| ops/modules/privatelink/consumer/outputs.tf | Outputs endpoint DNS entries/id for application configuration. |
| ops/mainnet/staging/core/main.tf | Creates provider PrivateLink service for lighthouse queue Redis. |
| ops/mainnet/staging/core/outputs.tf | Exposes endpoint service name and Redis connection components via remote state. |
| ops/mainnet/staging/backend/main.tf | Creates the consumer interface endpoint in the backend VPC. |
| ops/mainnet/staging/backend/config.tf | Switches REDIS_URL to use the PrivateLink endpoint DNS with tlsServername. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
liu-zhipeng
approved these changes
Mar 18, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
🤖 Linear
Closes CONG-XXX