Closed gruyaume closed 2 months ago
Ahh I'm realising that this "ca" field is relatively new and was not available in 2.43 (the current version that the charm uses), this seems to be only available as of 2.45. In any case, it would be great to be able to pass the CA content over this relation and avoid using the insecure_skip_verify parameter.
Tried this with the edge release of the prometheus charm (rev 149, v2.46.0) and I'm still getting this error:
unit-prometheus-k8s-0: 07:48:37 ERROR unit.prometheus-k8s/0.juju-log metrics-endpoint:2: Validating scrape jobs failed: b'time="2023-09-29T11:48:37Z" level=fatal msg="parsing YAML file /tmp/tmpvlm1c3do: yaml: unmarshal errors:\\n line 25: field ca not found in type config.TLSConfig\\n line 25: field ca not found in type config.TLSConfig\\n line 25: field ca not found in type config.TLSConfig"\n'
I believe this is not an issue anymore with the latest prometheus revision 209. Closing, but feel free to reopen if this is still an issue :)
Bug Description
Prometheus supports specifying the CA certificate of an https target. Here I'm specifically referencing the "ca" parameter (not "ca_file"). Therefore we are trying to use the prometheus_scrape integration like so:
Here _get_ca_certificate() returns the CA certificate in the format:
This does not work as expected, Prometheus does not add this CA certificate in its configuration file.
In order to avoid this issue we have to use "insecure_skip_verify".
You can test this for yourself using this branch of the Vault K8s operator.
Reference:
To Reproduce
Where has a ca in the tls_config parameter
Environment
Prometheus:
Relevant log output
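
One way for a scrape-job consumer to honour an inline CA when the Prometheus binary rejects it with "field ca not found in type config.TLSConfig": write the PEM to disk and set ca_file instead, so nobody has to fall back to insecure_skip_verify. This is an added example, not code from this issue or from the charm; the function name, the certificate directory and the sample jobs are assumptions.

```python
import hashlib
import tempfile
from copy import deepcopy
from pathlib import Path

# Constructed sample input: placeholder PEM body, hypothetical job names and target.
SAMPLE_CA = "-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----\n"
SAMPLE_JOBS = [
    {"job_name": "vault", "scheme": "https",
     "static_configs": [{"targets": ["vault.example:8200"]}],
     "tls_config": {"ca": SAMPLE_CA}},
    {"job_name": "legacy", "scheme": "https",
     "tls_config": {"insecure_skip_verify": True}},
]


def materialize_inline_ca(scrape_jobs, cert_dir):
    """Return (jobs, warnings) with each inline tls_config.ca moved to ca_file.

    Assumption: cert_dir is writable here and readable by Prometheus.
    The input list is not modified.
    """
    cert_dir = Path(cert_dir)
    jobs, warnings = deepcopy(scrape_jobs), []
    for job in jobs:
        name = job.get("job_name", "<unnamed>")
        tls = job.get("tls_config") or {}
        ca_pem = tls.pop("ca", None)
        if ca_pem is not None:
            if "BEGIN CERTIFICATE" not in ca_pem:
                raise ValueError(f"{name}: tls_config.ca is not PEM")
            if "ca_file" in tls:
                raise ValueError(f"{name}: both ca and ca_file are set")
            # Name the file after the content so identical CAs share one file.
            digest = hashlib.sha256(ca_pem.encode()).hexdigest()[:16]
            path = cert_dir / f"ca-{digest}.pem"
            path.write_text(ca_pem)
            tls["ca_file"] = str(path)
        if tls.get("insecure_skip_verify"):
            warnings.append(f"{name}: insecure_skip_verify disables certificate verification")
    return jobs, warnings


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        rewritten, notes = materialize_inline_ca(SAMPLE_JOBS, tmp)
        print(rewritten[0]["tls_config"], notes)
```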