[QUESTION] Can Sentinel return master tls-port if TLS is enabled? #13210

Open
zygisa opened this issue Apr 15, 2024 · 0 comments
zygisa commented Apr 15, 2024

Hi 👋

We're using Redis + Sentinel (v7.2.4) with non-TLS port currently. We'd like to introduce tls-port and gradually migrate our applications to use it. For the duration of migration we'd need to support both non-TLS and TLS ports. We expect it to work like this:

  • When the client connects to non-TLS Sentinel port and tries to get Redis master information, master IP and non-TLS port are returned
  • When the client connects to TLS Sentinel port and tries to get Redis master information, master IP and TLS port are returned

It seems that currently Sentinel returns master IP and non-TLS port in both cases:

redis-cli -h <IP> -p 16385 SENTINEL GET-MASTER-ADDR-BY-NAME <service-name>
1) "<IP>"
2) "6385"

redis-cli -h <IP> -p 18385 --tls SENTINEL GET-MASTER-ADDR-BY-NAME <service-name>
1) "<IP>"
2) "6385"

Is it possible to configure Sentinel to return Redis master TLS port when client connects to Sentinel on TLS port? I see that similar functionality was recently introduced for Redis cluster: #12233

Relevant excerpt from redis config:

port 6385
bind <IP>
tls-port 8385
tls-cert-file /etc/redis/tls/<service-name>.crt
tls-key-file /etc/redis/tls/<service-name>.key
tls-auth-clients no

Relevant excerpt from sentinel config:

bind <IP> 
port 16385
sentinel monitor <service-name> <IP> 6385 4
tls-auth-clients no
tls-key-file "/etc/redis/tls/<service-name>.key"
tls-port 18385
tls-cert-file "/etc/redis/tls/<service-name>.crt"
sentinel myid 09faf2b076bb997744a04e54c22a2406cae6cccf
sentinel config-epoch encrypted 0
sentinel leader-epoch encrypted 0
sentinel current-epoch 0

Please let me know if additional details are needed.
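
A check for the behaviour reported above, as an added example that is not part of the original issue or of the Redis project's code: it parses the `redis-cli` reply from each Sentinel listener and flags the case where a client that reached Sentinel over TLS is handed the master's plaintext port. The function names are hypothetical, and the sample inputs are constructed from the excerpts in this issue.

```python
import re

def parse_redis_conf(text):
    """Return the plaintext and TLS listener ports from a redis.conf excerpt."""
    ports = {"port": None, "tls-port": None}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0] in ports and parts[1].isdigit():
            ports[parts[0]] = int(parts[1])
    return ports

def parse_master_addr(cli_output):
    """Extract (host, port) from redis-cli's two-element array reply."""
    items = re.findall(r'^\s*\d+\)\s+"([^"]*)"\s*$', cli_output, re.M)
    if len(items) != 2 or not items[1].isdigit():
        raise ValueError("unexpected SENTINEL GET-MASTER-ADDR-BY-NAME reply")
    return items[0], int(items[1])

def classify(listener_is_tls, cli_output, master_ports):
    """Say which transport a client following this Sentinel reply ends up on."""
    _, port = parse_master_addr(cli_output)
    if port == master_ports["tls-port"]:
        return "tls"
    if port == master_ports["port"]:
        # Discovery happened over TLS, but the data connection would not.
        return "plaintext-downgrade" if listener_is_tls else "plaintext"
    return "unknown-port"

# Constructed sample input, copied from the excerpts in the issue
# (placeholders such as <IP> are kept as they appear there).
MASTER_CONF = """port 6385
bind <IP>
tls-port 8385
tls-auth-clients no
"""
REPLY = '1) "<IP>"\n2) "6385"\n'  # same reply on Sentinel ports 16385 and 18385

if __name__ == "__main__":
    ports = parse_redis_conf(MASTER_CONF)
    for name, is_tls in (("16385 (plain)", False), ("18385 (TLS)", True)):
        print(name, "->", classify(is_tls, REPLY, ports))
```
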
