open-match
Support TLS from open match core services to redis
Is your feature request related to a problem? Please describe.
It's not currently possible to enforce TLS between open-match core services and the redis state store. This is a desirable feature to bolster the security posture of the open match deployment.
Describe the solution you'd like
Ability to provide a list of TLS certificate files in the open match config. These files would be used to configure a tls.Config for the redis connection pools: https://pkg.go.dev/github.com/gomodule/redigo/redis#DialTLSConfig. This should support an empty list of certificates to allow non-mutual TLS.
Describe alternatives you've considered
Theoretically a proxy could be used to manage a TLS connection between open match and redis but this complicates the deployment.
Hey @bpar476. This isn't a bad idea and can be added as an addition to Open Match. It would require changes to the statestore service to allow for TLS configs when there are TLS certs provided. The thoughts we have are how do you supply the TLS certs for Open Match? Where do they live? Is it provided in the config or in a directory?
To me it makes sense to provide them in a directory then they can be mounted to the pods using a kubernetes secret.
Hi @bpar476, we are supplying the certs in kubernetes secrets from directory 👉🏻 install/helm/open-match/secrets/tls/server/. We would like to review if you submit a PR with the required changes 😃.
Please test and re-open with a PR if you'd still like this feature, thanks!