Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support custom certificate for the object store #260

Merged
merged 3 commits into from
Jan 5, 2022
Merged

Support custom certificate for the object store #260

merged 3 commits into from
Jan 5, 2022

Conversation

clyang82
Copy link
Contributor

@clyang82 clyang82 commented Dec 24, 2021
edited
Loading

Signed-off-by: clyang82 chuyang@redhat.com

  • I added CHANGELOG entry for this change.
  • Change is not relevant to the end user.

Changes

Support custom certificate for the object store. It is part of thanos-io/thanos#4820
Propose to add the following fields in objectStorageConfig:
tlsSecretName: tls secret name
tlsSecretMountPath: tls secret mount path.

the example thanos object store format can be:

config:
  bucket: ""
  endpoint: ""
  insecure: false
  put_user_metadata: {}
  http_config:
    tls_config:
      ca_file: "/etc/certs/ca.crt"
      cert_file: "/etc/certs/cert.crt"
      key_file: "/etc/certs/key.key"
      insecure_skip_verify: false

so the objectStorageConfig can be:

    name: 'thanos-objectstorage',
    key: 'thanos.yaml'
    tlsSecretName: 'thanos-objectstorage-certs' --- the tls secret needs have the ca.crt/cert.crt/key.key keys.
    tlsSecretMountPath: '/etc/certs'

Verification

@clyang82
Copy link
Contributor Author

/assign @squat Could you help to review? Thanks

@squat
Copy link
Member

squat commented Jan 4, 2022

Cc @kakkoyun @metalmatze who work more on kube-thanos

@clyang82
Support custom certificate for the object store
8c6b751 
Signed-off-by: clyang82 <chuyang@redhat.com>
@clyang82
Update changelog
48f949e 
Signed-off-by: clyang82 <chuyang@redhat.com>
@clyang82
fix rebase issue
a1ff68f 
Signed-off-by: clyang82 <chuyang@redhat.com>
@clyang82
Copy link
Contributor Author

clyang82 commented Jan 5, 2022

@kakkoyun @metalmatze Could you please take a look at this PR? Thanks.

@kakkoyun kakkoyun merged commit c8a244f into thanos-io:main Jan 5, 2022
@clyang82 clyang82 deleted the custom_ca branch January 5, 2022 14:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@squat squat squat approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@clyang82 @squat @kakkoyun