thanos-io / kube-thanos

Kubernetes specific configuration for deploying Thanos.
Apache License 2.0

Support custom certificate for the object store #260

Closed clyang82 closed 2 years ago

clyang82 commented 2 years ago

Signed-off-by: clyang82 <chuyang@redhat.com>

Changes

Support custom certificate for the object store. It is part of https://github.com/thanos-io/thanos/issues/4820

Propose to add the following fields in objectStorageConfig:

    tlsSecretName: tls secret name
    tlsSecretMountPath: tls secret mount path

The example Thanos object store format can be:

    config:
      bucket: ""
      endpoint: ""
      insecure: false
      put_user_metadata: {}
      http_config:
        tls_config:
          ca_file: "/etc/certs/ca.crt"
          cert_file: "/etc/certs/cert.crt"
          key_file: "/etc/certs/key.key"
          insecure_skip_verify: false

So the objectStorageConfig can be:

    name: 'thanos-objectstorage',
    key: 'thanos.yaml',
    // The TLS secret needs to have the ca.crt/cert.crt/key.key keys.
    tlsSecretName: 'thanos-objectstorage-certs',
    tlsSecretMountPath: '/etc/certs',

Verification
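
An added example, not part of this PR or of kube-thanos: a Python check that the `tls_config` paths in the object store config above line up with the proposed `tlsSecretMountPath` and the keys of the TLS secret. It assumes the secret is mounted as a plain volume, so each key becomes a file directly under the mount path; `check_objstore_tls` and the sample values are hypothetical and constructed here.

```python
import posixpath

TLS_FILE_FIELDS = ("ca_file", "cert_file", "key_file")

def check_objstore_tls(objstore, mount_path, secret_keys):
    """Return a list of problems; an empty list means the three pieces agree."""
    problems = []
    cfg = objstore.get("config", {})
    tls = cfg.get("http_config", {}).get("tls_config", {})
    if cfg.get("insecure"):
        problems.append("insecure: true disables TLS to the object store")
    if tls.get("insecure_skip_verify"):
        problems.append("insecure_skip_verify: true disables server certificate verification")
    mount = posixpath.normpath(mount_path)
    for field in TLS_FILE_FIELDS:
        path = tls.get(field)
        if not path:
            continue
        norm = posixpath.normpath(path)
        # Assumption: keys of a mounted secret appear as files directly in the mount dir.
        if posixpath.dirname(norm) != mount:
            problems.append(f"{field}={path} is not directly under {mount}")
        elif posixpath.basename(norm) not in secret_keys:
            problems.append(f"{field}={path} has no matching key in the secret")
    # A client certificate is unusable without its private key, and vice versa.
    if bool(tls.get("cert_file")) != bool(tls.get("key_file")):
        problems.append("cert_file and key_file must be set together")
    return problems

# Constructed sample mirroring the config shown in the PR description.
SAMPLE_OBJSTORE = {
    "config": {
        "bucket": "", "endpoint": "", "insecure": False,
        "http_config": {"tls_config": {
            "ca_file": "/etc/certs/ca.crt",
            "cert_file": "/etc/certs/cert.crt",
            "key_file": "/etc/certs/key.key",
            "insecure_skip_verify": False,
        }},
    }
}
SAMPLE_SECRET_KEYS = {"ca.crt", "cert.crt", "key.key"}

if __name__ == "__main__":
    for line in check_objstore_tls(SAMPLE_OBJSTORE, "/etc/certs", SAMPLE_SECRET_KEYS) or ["ok"]:
        print(line)
```
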

clyang82 commented 2 years ago

/assign @squat Could you help to review? Thanks

squat commented 2 years ago

Cc @kakkoyun @metalmatze who work more on kube-thanos

clyang82 commented 2 years ago

@kakkoyun @metalmatze Could you please take a look at this PR? Thanks.