[bitnami/thanos] Add support for HTTPS and basic auth experimental settings #12404
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…ttings Signed-off-by: Miguel Ruiz <[email protected]>
Signed-off-by: Bitnami Containers <[email protected]>
Signed-off-by: Miguel Ruiz <[email protected]>
|
I have added a new section in the README.md describing how to use this new feature. |
|
In case it helps, this PR has been tested using the following install commands: Output: |
Signed-off-by: Miguel Ruiz <[email protected]>
Signed-off-by: Miguel Ruiz <[email protected]>
rafariossaa
suggested changes
Sep 14, 2022
| | `https.cert` | TLS Certificate for Thanos HTTPS - ignored if existingSecret is provided | `""` | | ||
| | `https.ca` | (Optional, used for client) CA Certificate for Thanos HTTPS - ignored if existingSecret is provided | `""` | | ||
| | `https.clientAuthType` | Server policy for client authentication using certificates. Maps to ClientAuth Policies. | `""` | | ||
| | `auth.basicAuthUsers` | Object containing <user>:<passwords> key-value pairs for each user that will have access via basic authentication | `{}` | |
There was a problem hiding this comment.
As this is containing passwords, I think we should use a secret, or at least, provide the option to use a secret instead.
There was a problem hiding this comment.
The configuration file is stored in a Secret instead of a configmap because of that reason.
User can provide its configuration file using existingHttpConfigSecret.
The main issue is that, if the basic authentication is enabled, the password is also needed for the Probes to succeed, and Thanos uses a scratch container, so no logic can be added to handle the password using env variables.
There was a problem hiding this comment.
Please refer to the README.md section below, where I tried to depict this same situation and the alternatives to that.
Signed-off-by: Miguel Ruiz <[email protected]>
javsalgar
requested changes
Sep 14, 2022
| {{/* | ||
| Returns Thanos basic auth user and password for the HTTP request. | ||
| */}} | ||
| {{- define "thanos.basicAuth" -}} |
There was a problem hiding this comment.
Remove this part as it is no longer necessary
Signed-off-by: Miguel Ruiz <[email protected]>
javsalgar
approved these changes
Sep 14, 2022
rafariossaa
approved these changes
Sep 14, 2022
Signed-off-by: Miguel Ruiz <[email protected]>
isantospardo
added a commit
to adfinis/helm-charts
that referenced
this pull request
Sep 30, 2022
- [Creates separate service for grpc port of query module](bitnami/charts#11051) - [Update default prometheusrule value](bitnami/charts#10979) - [Fix Deprecation Warning of thanos](bitnami/charts#11178) - [Updating components versions](bitnami/charts@a49e568) - [Update URLs to point to the new bitnami/containers monorepo](bitnami/charts#11352) - [Conditionally Set objstore arg and OBJSTORE_CONFIG for Thanos receive](bitnami/charts#11274) - [Add support for image digest apart from tag](bitnami/charts#11955) - [Create sharded hpa and pdb for storegateway](bitnami/charts#11426) - [Allowed to add labels to query-frontend service and storegateway PVC](bitnami/charts#11549) - [Add support for HTTPS and basic auth experimental settings](bitnami/charts#12404)
6 tasks
isantospardo
added a commit
to adfinis/helm-charts
that referenced
this pull request
Sep 30, 2022
- [Creates separate service for grpc port of query module](bitnami/charts#11051) - [Update default prometheusrule value](bitnami/charts#10979) - [Fix Deprecation Warning of thanos](bitnami/charts#11178) - [Updating components versions](bitnami/charts@a49e568) - [Update URLs to point to the new bitnami/containers monorepo](bitnami/charts#11352) - [Conditionally Set objstore arg and OBJSTORE_CONFIG for Thanos receive](bitnami/charts#11274) - [Add support for image digest apart from tag](bitnami/charts#11955) - [Create sharded hpa and pdb for storegateway](bitnami/charts#11426) - [Allowed to add labels to query-frontend service and storegateway PVC](bitnami/charts#11549) - [Add support for HTTPS and basic auth experimental settings](bitnami/charts#12404)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description of the change
Adds support for Thanos HTTPS and basic authentication.
Ref: https://thanos.io/tip/operating/https.md/#running-thanos-with-https-and-basic-authentication
Checklist
Chart.yamlaccording to semver. This is not necessary when the changes only affect README.md files.README.mdusing readme-generator-for-helm