Receive: stop relying on grpc server config to set grpc client secure/skipVerify

Signed-off-by: Guillaume Lecerf <guillaume.lecerf@iziwork.com>
guillaumelecerf committed Apr 8, 2024
1 parent 6b3aa32 commit 2c34e17
Showing 3 changed files with 15 additions and 2 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Expand Up @@ -31,6 +31,7 @@ We use *breaking :warning:* to mark changes that are not backward compatible (re
- [#7199](https://github.com/thanos-io/thanos/pull/7199): Reloader: Add support for watching and decompressing Prometheus configuration directories
- [#7200](https://github.com/thanos-io/thanos/pull/7175): Query: Add `--selector.relabel-config` and `--selector.relabel-config-file` flags which allows scoping the Querier to a subset of matched TSDBs.
- [#7233](https://github.com/thanos-io/thanos/pull/7233): UI: Showing Block Size Stats
- [#7219](https://github.com/thanos-io/thanos/pull/7219): Receive: add `--remote-write.client-tls-secure` and `--remote-write.client-tls-skip-verify` flags to stop relying on grpc server config to determine grpc client secure/skipVerify.

### Changed

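Review bot: the new #7219 entry is listed alongside purely additive features, but it changes existing behaviour: receivers that previously got client TLS implicitly from the gRPC server certificate settings no longer get it unless `--remote-write.client-tls-secure` is set. Mark the entry as *breaking :warning:* (or move it under "### Changed") and name the flag that existing TLS deployments must now pass.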
10 changes: 8 additions & 2 deletions cmd/thanos/receive.go
Expand Up @@ -144,8 +144,8 @@ func runReceive(
logger,
reg,
tracer,
conf.grpcConfig.tlsSrvCert != "",
conf.grpcConfig.tlsSrvClientCA == "",
conf.rwClientSecure,
conf.rwClientSkipVerify,
conf.rwClientCert,
conf.rwClientKey,
conf.rwClientServerCA,
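Review bot: replacing `conf.grpcConfig.tlsSrvCert != ""` with `conf.rwClientSecure` makes the receiver-to-receiver client default to no TLS, because the new flag defaults to false; a deployment upgraded without config changes silently falls back to plaintext. Consider failing at startup, or at least logging a warning, when `rwClientCert`, `rwClientKey` or `rwClientServerCA` is set while `rwClientSecure` is false, so the downgrade is not silent. The old skip-verify argument was `conf.grpcConfig.tlsSrvClientCA == ""`, so the new default of false tightens verification, which is the safer direction.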
Expand Down Expand Up @@ -778,8 +778,10 @@ type receiveConfig struct {
rwServerClientCA string
rwClientCert string
rwClientKey string
rwClientSecure bool
rwClientServerCA string
rwClientServerName string
rwClientSkipVerify bool

dataDir string
labelStrs []string
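Review bot: `rwClientSecure` and `rwClientSkipVerify` are added to `receiveConfig`, but none of the 3 changed files is a test. A small test asserting that both default to false and are passed through unchanged from `runReceive` would guard this security-relevant wiring against regressions.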
Expand Down Expand Up @@ -852,6 +854,10 @@ func (rc *receiveConfig) registerFlag(cmd extkingpin.FlagClause) {

cmd.Flag("remote-write.client-tls-key", "TLS Key for the client's certificate.").Default("").StringVar(&rc.rwClientKey)

cmd.Flag("remote-write.client-tls-secure", "Use TLS when talking to the other receivers.").Default("false").BoolVar(&rc.rwClientSecure)

cmd.Flag("remote-write.client-tls-skip-verify", "Disable TLS certificate verification when talking to the other receivers i.e self signed, signed by fake CA.").Default("false").BoolVar(&rc.rwClientSkipVerify)

cmd.Flag("remote-write.client-tls-ca", "TLS CA Certificates to use to verify servers.").Default("").StringVar(&rc.rwClientServerCA)

cmd.Flag("remote-write.client-server-name", "Server name to verify the hostname on the returned TLS certificates. See https://tools.ietf.org/html/rfc4366#section-3.1").Default("").StringVar(&rc.rwClientServerName)
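Review bot: the help text for `--remote-write.client-tls-skip-verify` reads "i.e self signed, signed by fake CA", which should be "e.g." and undersells the effect: with verification disabled, the client accepts any certificate and cannot tell a real receiver from an impersonator. Suggest saying that in the help text and pointing to `--remote-write.client-tls-ca` as the way to trust a private CA. Nothing here rejects `--remote-write.client-tls-skip-verify` when `--remote-write.client-tls-secure` is not set; either state the dependency in the help text or validate the combination.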
6 changes: 6 additions & 0 deletions docs/components/receive.md
Expand Up @@ -440,6 +440,12 @@ Flags:
to the server.
--remote-write.client-tls-key=""
TLS Key for the client's certificate.
--remote-write.client-tls-secure
Use TLS when talking to the other receivers.
--remote-write.client-tls-skip-verify
Disable TLS certificate verification when
talking to the other receivers i.e self signed,
signed by fake CA.
--remote-write.server-tls-cert=""
TLS Certificate for HTTP server, leave blank to
disable TLS.