Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: TLS support for the Thanos web endpoint #496

Merged
merged 4 commits into from
Oct 3, 2024
Merged

feat: TLS support for the Thanos web endpoint #496

merged 4 commits into from
Oct 3, 2024

Conversation

vyzigold
Copy link
Contributor

This PR adds a new "WebTLSConfig" field to the ThanosQuerier Spec, which allows the user to specify secrets containing TLS certificates. The ThanosQuerier object is configured to use these secrets.

The secrets are then watched for changes and a reconciliation is triggered when one of them changes. In order to know if the contents of the TLS related secrets changed, a hash is computed from the contents of the secrets. The computed hash value is added to the querier deployment as an env variable. This means, that when that variable changes, a new querier pod is automatically created, which will use the new content of the secrets. (when the content of the secrets is the same, the old pod stays running).

The ServiceMonitor for monitoring the Querier is also modified to use TLS when TLS is enabled.

The first 2 commits of the PR (which add the WebTLSConfig struct and the TLS prometheus client for testing) are shared with #492

@vyzigold vyzigold requested a review from a team as a code owner May 31, 2024 09:28
@vyzigold vyzigold requested review from sthaha and JoaoBraveCoding and removed request for a team May 31, 2024 09:28
@openshift-ci openshift-ci bot requested review from lihongyan1 and marioferh May 31, 2024 09:28
@openshift-ci OpenShift CI
Copy link

openshift-ci bot commented May 31, 2024

Hi @vyzigold. Thanks for your PR.

I'm waiting for a rhobs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@vyzigold vyzigold mentioned this pull request Jun 11, 2024
Draft
jan--f
jan--f reviewed Jun 26, 2024
View reviewed changes
Copy link
Collaborator

@jan--f jan--f left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks very nice! I have one small question though.

@jan--f
Copy link
Collaborator

jan--f commented Jun 26, 2024

/ok-to-test

@vyzigold vyzigold force-pushed the thanos_web_tls branch 2 times, most recently from 2665029 to 1f0b8c6 Compare July 17, 2024 13:15
@jan--f
Copy link
Collaborator

jan--f commented Oct 3, 2024

Thanks!
/lgtm
/approve

@openshift-ci openshift-ci bot added the lgtm label Oct 3, 2024
@openshift-ci OpenShift CI
Copy link

openshift-ci bot commented Oct 3, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jan--f, vyzigold

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved label Oct 3, 2024
@openshift-merge-bot openshift-merge-bot bot merged commit 43ee64e into rhobs:main Oct 3, 2024
11 checks passed
simonpasquier added a commit that referenced this pull request Oct 7, 2024
@simonpasquier
Revert "feat: TLS support for the Thanos web endpoint (#496)"
078c73d 
This reverts commit 43ee64e.
@simonpasquier simonpasquier mentioned this pull request Oct 7, 2024
Merged
openshift-merge-bot bot pushed a commit that referenced this pull request Oct 7, 2024
@simonpasquier
Revert "feat: TLS support for the Thanos web endpoint (#496)" (#582)
c9424bd 
This reverts commit 43ee64e.
@vyzigold vyzigold mentioned this pull request Oct 23, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jan--f jan--f jan--f left review comments

@sthaha sthaha Awaiting requested review from sthaha sthaha is a code owner automatically assigned from rhobs/observability-operator-maintainers

@JoaoBraveCoding JoaoBraveCoding Awaiting requested review from JoaoBraveCoding JoaoBraveCoding is a code owner automatically assigned from rhobs/observability-operator-maintainers

@lihongyan1 lihongyan1 Awaiting requested review from lihongyan1

@marioferh marioferh Awaiting requested review from marioferh

Assignees

@jan--f jan--f

Labels
approved lgtm ok-to-test
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@vyzigold @jan--f