Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Loki Canary add insecure option #4366

Closed
Tom4599 opened this issue Sep 22, 2021 · 2 comments · Fixed by #7398
Closed

Loki Canary add insecure option #4366

Tom4599 opened this issue Sep 22, 2021 · 2 comments · Fixed by #7398
Labels
stale A stale issue or PR that will automatically be closed.

Comments

@Tom4599
Copy link

Tom4599 commented Sep 22, 2021
edited
Loading

First of all, thank you for your work !

Is your feature request related to a problem? Please describe.

I try to use Loki Canary and I get a connection error because the certificate used is self-signed :

root@host:~# /usr/local/bin/loki-canary -addr loki:3105 -port 3200 -interval 15s -labelname job -labelvalue loki-canary -metric-test-interval 1h -metric-test-range 24h -pruneinterval 5m -spot-check-query-rate 5m -tls -wait 6m
Connecting to loki at wss://loki:3105/loki/api/v1/tail?query=%7Bstream%3D%22stdout%22%2Cjob%3D%22loki-canary%22%7D, querying for label 'job' with value 'loki-canary'
failed to connect to wss://loki:3105/loki/api/v1/tail?query=%7Bstream%3D%22stdout%22%2Cjob%3D%22loki-canary%22%7D with err x509: certificate signed by unknown authority

Connecting to loki at wss://loki.priv.smile-ops.fr:3105/loki/api/v1/tail?query=%7Bstream%3D%22stdout%22%2Cjob%3D%22loki-canary%22%7D, querying for label 'job' with value 'loki-canary'
failed to connect to wss://loki.priv.smile-ops.fr:3105/loki/api/v1/tail?query=%7Bstream%3D%22stdout%22%2Cjob%3D%22loki-canary%22%7D with err x509: certificate signed by unknown authority

Describe the solution you'd like

It would be great to have a -insecure or -tls-skip-verify option to bypass this error like in logcli.

Describe alternatives you've considered

I thought of using HTTP, instead of HTTPS, for the query-frontend but since Loki Canary and Promtail will be placed on another machine, it is important that the request is encrypted.
@stale
Copy link

stale bot commented Mar 3, 2022

Hi! This issue has been automatically marked as stale because it has not had any
activity in the past 30 days.

We use a stalebot among other tools to help manage the state of issues in this project.
A stalebot can be very useful in closing issues in a number of cases; the most common
is closing issues or PRs where the original reporter has not responded.

Stalebots are also emotionless and cruel and can close issues which are still very relevant.

If this issue is important to you, please add a comment to keep it open. More importantly, please add a thumbs-up to the original issue entry.

We regularly sort for closed issues which have a stale label sorted by thumbs up.

We may also:

  • Mark issues as revivable if we think it's a valid issue but isn't something we are likely
    to prioritize in the future (the issue will still remain closed).
  • Add a keepalive label to silence the stalebot if the issue is very common/popular/important.

We are doing our best to respond, organize, and prioritize all issues but it can be a challenging task,
our sincere apologies if you find yourself at the mercy of the stalebot.

@stale stale bot added the stale A stale issue or PR that will automatically be closed. label Mar 3, 2022
@stale stale bot closed this as completed Apr 18, 2022
@verejoel
Copy link
Contributor

This is pretty important, I would like to see this implemented

@verejoel verejoel mentioned this issue Oct 12, 2022
Merged
5 tasks
kavirajk pushed a commit that referenced this issue Oct 13, 2022
@verejoel
[loki-canary] Allow insecure TLS connections (#7398)
46d3dec 
**What this PR does / why we need it**:
This change allows client certificates signed by a self-signed
certificate authority to be used by the Loki canary.

**Which issue(s) this PR fixes**:
Fixes #4366 

**Special notes for your reviewer**:
This has been tested on linux amd64 with self-signed certificates.

**Checklist**
- [x] Reviewed the `CONTRIBUTING.md` guide
- [x] Documentation added
- [x] Tests updated
- [x] `CHANGELOG.md` updated
- [x] Changes that require user attention or interaction to upgrade are
documented in `docs/sources/upgrading/_index.md`
lxwzy pushed a commit to lxwzy/loki that referenced this issue Nov 7, 2022
@verejoel @lxwzy
[loki-canary] Allow insecure TLS connections (grafana#7398)
9ebe796 
**What this PR does / why we need it**:
This change allows client certificates signed by a self-signed
certificate authority to be used by the Loki canary.

**Which issue(s) this PR fixes**:
Fixes grafana#4366 

**Special notes for your reviewer**:
This has been tested on linux amd64 with self-signed certificates.

**Checklist**
- [x] Reviewed the `CONTRIBUTING.md` guide
- [x] Documentation added
- [x] Tests updated
- [x] `CHANGELOG.md` updated
- [x] Changes that require user attention or interaction to upgrade are
documented in `docs/sources/upgrading/_index.md`
changhyuni pushed a commit to changhyuni/loki that referenced this issue Nov 8, 2022
@verejoel @changhyuni
[loki-canary] Allow insecure TLS connections (grafana#7398)
1397d86 
**What this PR does / why we need it**:
This change allows client certificates signed by a self-signed
certificate authority to be used by the Loki canary.

**Which issue(s) this PR fixes**:
Fixes grafana#4366 

**Special notes for your reviewer**:
This has been tested on linux amd64 with self-signed certificates.

**Checklist**
- [x] Reviewed the `CONTRIBUTING.md` guide
- [x] Documentation added
- [x] Tests updated
- [x] `CHANGELOG.md` updated
- [x] Changes that require user attention or interaction to upgrade are
documented in `docs/sources/upgrading/_index.md`
Abuelodelanada pushed a commit to canonical/loki that referenced this issue Dec 1, 2022
@verejoel @Abuelodelanada
[loki-canary] Allow insecure TLS connections (grafana#7398)
3a4950b 
**What this PR does / why we need it**:
This change allows client certificates signed by a self-signed
certificate authority to be used by the Loki canary.

**Which issue(s) this PR fixes**:
Fixes grafana#4366 

**Special notes for your reviewer**:
This has been tested on linux amd64 with self-signed certificates.

**Checklist**
- [x] Reviewed the `CONTRIBUTING.md` guide
- [x] Documentation added
- [x] Tests updated
- [x] `CHANGELOG.md` updated
- [x] Changes that require user attention or interaction to upgrade are
documented in `docs/sources/upgrading/_index.md`
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
stale A stale issue or PR that will automatically be closed.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[loki-canary] Allow insecure TLS connections verejoel/loki
2 participants
@Tom4599 @verejoel