feat: TLS support for the Thanos web endpoint (#496)
* feat: add Thanos Web endpoint TLS support

* test: add testcase for Querier with TLS

* feat: watch Querier TLS resources

---------

Co-authored-by: Jan Fajerski <jan--f@users.noreply.github.com>
vyzigold and jan--f authored Oct 3, 2024
1 parent c009944 commit 43ee64e
Showing 8 changed files with 630 additions and 8 deletions.
61 changes: 61 additions & 0 deletions bundle/manifests/monitoring.rhobs_thanosqueriers.yaml
Expand Up @@ -110,6 +110,67 @@ spec:
type: object
type: object
x-kubernetes-map-type: atomic
webTLSConfig:
description: Configure TLS options for the Thanos web server.
properties:
certificate:
description: Reference to the TLS public certificate for the web
server.
properties:
key:
description: The key of the secret to select from. Must be
a valid secret key.
minLength: 1
type: string
name:
description: The name of the secret in the object's namespace
to select from.
minLength: 1
type: string
required:
- key
- name
type: object
certificateAuthority:
description: Reference to the root Certificate Authority used
to verify the web server's certificate.
properties:
key:
description: The key of the secret to select from. Must be
a valid secret key.
minLength: 1
type: string
name:
description: The name of the secret in the object's namespace
to select from.
minLength: 1
type: string
required:
- key
- name
type: object
privateKey:
description: Reference to the TLS private key for the web server.
properties:
key:
description: The key of the secret to select from. Must be
a valid secret key.
minLength: 1
type: string
name:
description: The name of the secret in the object's namespace
to select from.
minLength: 1
type: string
required:
- key
- name
type: object
required:
- certificate
- certificateAuthority
- privateKey
type: object
required:
- selector
type: object
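Review bot: certificateAuthority is listed under required for webTLSConfig, yet its description says it is used to verify the web server's certificate, which is a check performed by a client of the endpoint and not by the server. State in the description which component consumes this CA, and consider dropping it from the required list so that a user whose serving certificate chains to a CA the clients already trust only has to supply certificate and privateKey. If it has to stay required, the description should say why.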
61 changes: 61 additions & 0 deletions deploy/crds/common/monitoring.rhobs_thanosqueriers.yaml
Expand Up @@ -110,6 +110,67 @@ spec:
type: object
type: object
x-kubernetes-map-type: atomic
webTLSConfig:
description: Configure TLS options for the Thanos web server.
properties:
certificate:
description: Reference to the TLS public certificate for the web
server.
properties:
key:
description: The key of the secret to select from. Must be
a valid secret key.
minLength: 1
type: string
name:
description: The name of the secret in the object's namespace
to select from.
minLength: 1
type: string
required:
- key
- name
type: object
certificateAuthority:
description: Reference to the root Certificate Authority used
to verify the web server's certificate.
properties:
key:
description: The key of the secret to select from. Must be
a valid secret key.
minLength: 1
type: string
name:
description: The name of the secret in the object's namespace
to select from.
minLength: 1
type: string
required:
- key
- name
type: object
privateKey:
description: Reference to the TLS private key for the web server.
properties:
key:
description: The key of the secret to select from. Must be
a valid secret key.
minLength: 1
type: string
name:
description: The name of the secret in the object's namespace
to select from.
minLength: 1
type: string
required:
- key
- name
type: object
required:
- certificate
- certificateAuthority
- privateKey
type: object
required:
- selector
type: object
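Review bot: the key and name fields under certificate, certificateAuthority and privateKey are constrained only by "minLength: 1", while the key description says it "Must be a valid secret key". Kubernetes limits Secret names and data keys to 253 characters and data keys to alphanumerics, '-', '_' and '.', so a maxLength and a pattern on these fields would reject a bad reference at admission time instead of at reconcile time. The schema here is identical to the one added in bundle/manifests/monitoring.rhobs_thanosqueriers.yaml, so any such change needs to land in both files.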
150 changes: 150 additions & 0 deletions docs/api.md
Expand Up @@ -3690,6 +3690,13 @@ deduplicate.
<br/>
</td>
<td>false</td>
</tr><tr>
<td><b><a href="#thanosquerierspecwebtlsconfig">webTLSConfig</a></b></td>
<td>object</td>
<td>
Configure TLS options for the Thanos web server.<br/>
</td>
<td>false</td>
</tr></tbody>
</table>

Expand Down Expand Up @@ -3810,6 +3817,149 @@ list restricting them.<br/>
</tr></tbody>
</table>


### ThanosQuerier.spec.webTLSConfig
<sup><sup>[↩ Parent](#thanosquerierspec)</sup></sup>



Configure TLS options for the Thanos web server.

<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b><a href="#thanosquerierspecwebtlsconfigcertificate">certificate</a></b></td>
<td>object</td>
<td>
Reference to the TLS public certificate for the web server.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b><a href="#thanosquerierspecwebtlsconfigcertificateauthority">certificateAuthority</a></b></td>
<td>object</td>
<td>
Reference to the root Certificate Authority used to verify the web server's certificate.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b><a href="#thanosquerierspecwebtlsconfigprivatekey">privateKey</a></b></td>
<td>object</td>
<td>
Reference to the TLS private key for the web server.<br/>
</td>
<td>true</td>
</tr></tbody>
</table>


### ThanosQuerier.spec.webTLSConfig.certificate
<sup><sup>[↩ Parent](#thanosquerierspecwebtlsconfig)</sup></sup>



Reference to the TLS public certificate for the web server.

<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>key</b></td>
<td>string</td>
<td>
The key of the secret to select from. Must be a valid secret key.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>name</b></td>
<td>string</td>
<td>
The name of the secret in the object's namespace to select from.<br/>
</td>
<td>true</td>
</tr></tbody>
</table>


### ThanosQuerier.spec.webTLSConfig.certificateAuthority
<sup><sup>[↩ Parent](#thanosquerierspecwebtlsconfig)</sup></sup>



Reference to the root Certificate Authority used to verify the web server's certificate.

<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>key</b></td>
<td>string</td>
<td>
The key of the secret to select from. Must be a valid secret key.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>name</b></td>
<td>string</td>
<td>
The name of the secret in the object's namespace to select from.<br/>
</td>
<td>true</td>
</tr></tbody>
</table>


### ThanosQuerier.spec.webTLSConfig.privateKey
<sup><sup>[↩ Parent](#thanosquerierspecwebtlsconfig)</sup></sup>



Reference to the TLS private key for the web server.

<table>
<thead>
<tr>
<th>Name</th>
<th>Type</th>
<th>Description</th>
<th>Required</th>
</tr>
</thead>
<tbody><tr>
<td><b>key</b></td>
<td>string</td>
<td>
The key of the secret to select from. Must be a valid secret key.<br/>
</td>
<td>true</td>
</tr><tr>
<td><b>name</b></td>
<td>string</td>
<td>
The name of the secret in the object's namespace to select from.<br/>
</td>
<td>true</td>
</tr></tbody>
</table>

# observability.openshift.io/v1alpha1

Resource Types:
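Review bot: the new certificate, certificateAuthority and privateKey sections each repeat the generic key/name descriptions but never say what the referenced Secret data must contain. Document the expected encoding of the values, whether certificate and privateKey may point at the same Secret, and, in the certificateAuthority section, which client is expected to use the CA. A short ThanosQuerier manifest with webTLSConfig set would make the three references easier to get right.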
3 changes: 3 additions & 0 deletions pkg/apis/monitoring/v1alpha1/types.go
Expand Up @@ -279,6 +279,9 @@ type ThanosQuerierSpec struct {
// Selector to select which namespaces the Monitoring Stack objects are discovered from.
NamespaceSelector NamespaceSelector `json:"namespaceSelector,omitempty"`
ReplicaLabels []string `json:"replicaLabels,omitempty"`
// Configure TLS options for the Thanos web server.
// +optional
WebTLSConfig *WebTLSConfig `json:"webTLSConfig,omitempty"`
}

// ThanosQuerierStatus defines the observed state of ThanosQuerier.
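Review bot: the comment on the new WebTLSConfig field does not say what happens when the field is left unset, which is the default given the pointer type, "+optional" and "omitempty". Spell out that behaviour in the comment, for example whether the web endpoint is then served without TLS, so that a reader of the API reference can tell whether the endpoint is encrypted by default.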
5 changes: 5 additions & 0 deletions pkg/apis/monitoring/v1alpha1/zz_generated.deepcopy.go
