When configuring Alertmanager in the SigNoz Helm chart to send email alerts, I encountered a certificate trust issue with the STARTTLS configuration. To resolve this, I manually modified the Alertmanager StatefulSet to add a volume containing the required certificate and configured a ConfigMap in Kubernetes for this certificate. I also added environment variables, such as:
However, this approach requires modifying the StatefulSet manually.
Describe the solution you'd like
I would like to be able to specify the certificate directly within the values.yaml file of the Helm chart. This would allow me to keep STARTTLS enabled while seamlessly adding the necessary certificate to the pod’s trusted root certificates. I noticed that extraVolumes are available for other components in the SigNoz Helm chart, so adding similar functionality for Alertmanager would be consistent and beneficial. This approach would simplify configuration management and align with Kubernetes best practices, avoiding the need to disable STARTTLS as in this PR. (Create by https://github.com/SigNoz/alertmanager/issues/34)
Describe alternatives you've considered
One alternative is to disable STARTTLS altogether, which is currently possible with the disable STARTTLS feature. However, this compromises the security of email alerts and doesn't address the root cause of the certificate trust issue.
Additional context
Here’s an example of the manual configuration I used to resolve this issue. Screenshots and further details are available if needed. Thank you for considering this feature request to improve the SigNoz Alertmanager Helm chart!
Thank you for your feature request – we love each and every one!
Is your feature request related to a problem?
When configuring Alertmanager in the SigNoz Helm chart to send email alerts, I encountered a certificate trust issue with the STARTTLS configuration. To resolve this, I manually modified the Alertmanager StatefulSet to add a volume containing the required certificate and configured a ConfigMap in Kubernetes for this certificate. I also added environment variables, such as:
With these settings and the following volume mount, the configuration worked:
However, this approach requires modifying the StatefulSet manually.
Describe the solution you'd like
I would like to be able to specify the certificate directly within the values.yaml file of the Helm chart. This would allow me to keep STARTTLS enabled while seamlessly adding the necessary certificate to the pod’s trusted root certificates. I noticed that extraVolumes are available for other components in the SigNoz Helm chart, so adding similar functionality for Alertmanager would be consistent and beneficial. This approach would simplify configuration management and align with Kubernetes best practices, avoiding the need to disable STARTTLS as in this PR. (Create by https://github.com/SigNoz/alertmanager/issues/34)
Describe alternatives you've considered
One alternative is to disable STARTTLS altogether, which is currently possible with the disable STARTTLS feature. However, this compromises the security of email alerts and doesn't address the root cause of the certificate trust issue.
Additional context
Here’s an example of the manual configuration I used to resolve this issue. Screenshots and further details are available if needed. Thank you for considering this feature request to improve the SigNoz Alertmanager Helm chart!
Thank you for your feature request – we love each and every one!