added tls config in downstream query (#6760)

* added tls config Signed-off-by: bazooka3000 <[email protected]> * docs Signed-off-by: bazooka3000 <[email protected]> * Update CHANGELOG.md Co-authored-by: Saswata Mukherjee <[email protected]> Signed-off-by: Dattatreya <[email protected]> * lint check Signed-off-by: bazooka3000 <[email protected]> --------- Signed-off-by: bazooka3000 <[email protected]> Signed-off-by: Dattatreya <[email protected]> Co-authored-by: Saswata Mukherjee <[email protected]>
thanos-io · Oct 2, 2023 · 1fbfefe · 1fbfefe
1 parent 531cdb1
commit 1fbfefe
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -17,6 +17,7 @@ We use *breaking :warning:* to mark changes that are not backward compatible (re
 - [#6605](https://github.com/thanos-io/thanos/pull/6605) Query Frontend: Support vertical sharding binary expression with metric name when no matching labels specified.
 - [#6308](https://github.com/thanos-io/thanos/pull/6308) Ruler: Support configuration flag that allows customizing template for alert message.
 - [#6749](https://github.com/thanos-io/thanos/pull/6308) Store Gateway: Added `thanos_store_index_cache_fetch_duration_seconds` histogram for tracking latency of fetching data from index cache. 
+- [#6760](https://github.com/thanos-io/thanos/pull/6760) Query Frontend: Added TLS support in `--query-frontend.downstream-tripper-config` and `--query-frontend.downstream-tripper-config-file`
 
 ### Changed
 

diff --git a/cmd/thanos/query_frontend.go b/cmd/thanos/query_frontend.go
@@ -25,6 +25,7 @@ import (
 	cortexvalidation "github.com/thanos-io/thanos/internal/cortex/util/validation"
 	"github.com/thanos-io/thanos/pkg/api"
 	"github.com/thanos-io/thanos/pkg/component"
+	"github.com/thanos-io/thanos/pkg/exthttp"
 	"github.com/thanos-io/thanos/pkg/extkingpin"
 	"github.com/thanos-io/thanos/pkg/extprom"
 	extpromhttp "github.com/thanos-io/thanos/pkg/extprom/http"
@@ -181,6 +182,13 @@ func parseTransportConfiguration(downstreamTripperConfContentYaml []byte) (*http
 			return nil, errors.Wrap(err, "parsing downstream tripper config YAML file")
 		}
 
+		if tripperConfig.TLSConfig != nil {
+			tlsConfig, err := exthttp.NewTLSConfig(tripperConfig.TLSConfig)
+			if err != nil {
+				return nil, errors.Wrap(err, "parsing downstream tripper TLS config YAML")
+			}
+			downstreamTripper.TLSClientConfig = tlsConfig
+		}
 		if tripperConfig.IdleConnTimeout > 0 {
 			downstreamTripper.IdleConnTimeout = time.Duration(tripperConfig.IdleConnTimeout)
 		}

diff --git a/pkg/queryfrontend/config.go b/pkg/queryfrontend/config.go
@@ -21,6 +21,7 @@ import (
 	"github.com/thanos-io/thanos/internal/cortex/util/flagext"
 	cortexvalidation "github.com/thanos-io/thanos/internal/cortex/util/validation"
 	"github.com/thanos-io/thanos/pkg/cacheutil"
+	"github.com/thanos-io/thanos/pkg/exthttp"
 	"github.com/thanos-io/thanos/pkg/model"
 )
 
@@ -186,6 +187,7 @@ type DownstreamTripperConfig struct {
 	MaxIdleConns          *int               `yaml:"max_idle_conns"`
 	MaxIdleConnsPerHost   *int               `yaml:"max_idle_conns_per_host"`
 	MaxConnsPerHost       *int               `yaml:"max_conns_per_host"`
+	TLSConfig             *exthttp.TLSConfig `yaml:"tls_config"`
 
 	CachePathOrContent extflag.PathOrContent
 }