prometheus-community / helm-charts

Prometheus community Helm charts
Apache License 2.0
5.14k stars 5.03k forks source link

[kube-prometheus-stack] Prometheus template support for grpcServerTlsConfig in thanos sidecar #4959

Open v1ctorrhs opened 3 weeks ago

v1ctorrhs commented 3 weeks ago

Is your feature request related to a problem ?

In GCP the ALB implementation enforces TLS encryption for HTTP/2. So when i enable the thanos sidecar currently there's no way to configure the grpcServerTlsConfig which is supposed to make the prometheus operator add the following args for the thanos sidecar

      --grpc-server-tls-cert=""  TLS Certificate for gRPC server, leave blank to
                                 disable TLS
      --grpc-server-tls-client-ca=""
                                 TLS CA to verify clients against. If no
                                 client CA is specified, there is no client
                                 verification on server side. (tls.NoClientCert)
      --grpc-server-tls-key=""   TLS Key for the gRPC server, leave blank to

Describe the solution you'd like.

kube-prometheus-stack:
  prometheus:
    prometheusSpec:
      thanos:
        grpcServerTlsConfig:
         cert:
           configMap: {}
              key: ""
              name: ""
              optional: bool
            secret: {}
              key: ""
              name: ""
              optional: bool
         key:
           configMap: {}
              key: ""
              name: ""
              optional: bool
            secret: {}
              key: ""
              name: ""
              optional: bool
          ca: {}
            configMap: {}
              key: ""
              name: ""
              optional: bool
            secret: {}
              key: ""
              name: ""
              optional: bool

Describe alternatives you've considered.

NONE

Additional context.

No response

DrFaust92 commented 2 weeks ago

Hi, you can pass this via:

prometheus.prometheusSpec.thanos.grpcServerTlsConfig