Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[WIP] cluster: Secure cluster traffic via mutual TLS #1819

Closed
wants to merge 1 commit into from

Conversation

mxinden
Copy link
Member

@mxinden mxinden commented Mar 29, 2019

Use github.com/mxinden/memberlist-tls-transport to optionally secure the
Alertmanager cluster traffic via mutual tls.

This is an early work-in-progress version, but one can already test it out locally. I added everything to get up and running quickly:

  1. go get -u github.com/cloudflare/cfssl/cmd/...
  2. cd examples/ha/tls/ && make start

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
Use github.com/mxinden/memberlist-tls-transport to optionally secure the
Alertmanager cluster traffic via mutual tls.

Signed-off-by: Max Leonard Inden <[email protected]>
@@ -210,6 +219,46 @@ func Create(
p.setInitialFailed(resolvedPeers, bindAddr)
}

// TODO: Don't just dereference.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We're handling all this differently in the node exporter tls stuff, which you should probably vendor/hack in here to keep things in line

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For sure. I will align this once prometheus/node_exporter#1277 is merged.

@hooten
Copy link
Contributor

hooten commented Mar 30, 2020

@mxinden Do you plan to pick this back up? If not, I would like to. Thanks!

@stale stale bot removed the stale label Mar 30, 2020
@mxinden
Copy link
Member Author

mxinden commented Mar 31, 2020

@hooten I have no plans to work on this, but I am more than happy to answer any questions in case you would like to continue the effort. Would be great to see this in master at some point.

As far as I am aware this is still aligned with the Alertmanager roadmap. I am //CCing @simonpasquier here just to make sure.

@sharadgaur
Copy link
Contributor

@hooten Love to pair with you on this :)

@mxinden
Copy link
Member Author

mxinden commented Oct 3, 2021

With #2237 merged, I am closing here.

@mxinden mxinden closed this Oct 3, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

4 participants