-
Notifications
You must be signed in to change notification settings - Fork 524
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
mimir: Add TLS config to S3 client #7959
Changes from 6 commits
70b9048
f638e6c
90aa4cf
2a07f42
d5432c3
c1507f5
952aa26
34b2b25
d5e0720
bff24ac
d3e33ab
01f5414
066e973
63431bc
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -78,6 +78,16 @@ type HTTPConfig struct { | |
|
||
// Allow upstream callers to inject a round tripper | ||
Transport http.RoundTripper `yaml:"-"` | ||
|
||
TLSConfig TLSConfig `yaml:"tls_config"` | ||
} | ||
|
||
// TLSConfig configures the options for TLS connections. | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Elsewhere in Mimir, we use
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. A few notes about this request that I have difficulties understanding: Firstly, I see that
Secondly, the original suggestion was to allow only relevant values to be passed to the exthttp client as I apologize if my wording sounds a bit rude, I'm quite new to Mimir's codebase so I might not understand this correctly. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Ah, so it does. In that case, could you adjust the struct a bit so that the settings being added match names if we were using E.g. make There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I'll do so, please note that other components reference There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Another issue that shows in the tests, this PR will change There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
That's fine to leave as-is. We can deprecate and replace the old option in another PR or just leave it.
It's expected to need to run |
||
type TLSConfig struct { | ||
CAFile string `yaml:"ca_file" category:"advanced"` | ||
CertFile string `yaml:"cert_file" category:"advanced"` | ||
KeyFile string `yaml:"key_file" category:"advanced"` | ||
ServerName string `yaml:"server_name" category:"advanced"` | ||
} | ||
|
||
// RegisterFlagsWithPrefix registers the flags for s3 storage with the provided prefix | ||
|
@@ -90,6 +100,15 @@ func (cfg *HTTPConfig) RegisterFlagsWithPrefix(prefix string, f *flag.FlagSet) { | |
f.IntVar(&cfg.MaxIdleConns, prefix+"s3.max-idle-connections", 100, "Maximum number of idle (keep-alive) connections across all hosts. 0 means no limit.") | ||
f.IntVar(&cfg.MaxIdleConnsPerHost, prefix+"s3.max-idle-connections-per-host", 100, "Maximum number of idle (keep-alive) connections to keep per-host. If 0, a built-in default value is used.") | ||
f.IntVar(&cfg.MaxConnsPerHost, prefix+"s3.max-connections-per-host", 0, "Maximum number of connections per host. 0 means no limit.") | ||
cfg.TLSConfig.RegisterFlagsWithPrefix(prefix, f) | ||
} | ||
|
||
// RegisterFlagsWithPrefix registers the flags for s3 storage with the provided prefix. | ||
func (cfg *TLSConfig) RegisterFlagsWithPrefix(prefix string, f *flag.FlagSet) { | ||
f.StringVar(&cfg.CAFile, prefix+"s3.http.tls.ca-file", "", "The CA certificate file path.") | ||
f.StringVar(&cfg.CertFile, prefix+"s3.http.tls.cert-file", "", "The client certificate file path.") | ||
f.StringVar(&cfg.KeyFile, prefix+"s3.http.tls.key-file", "", "The client key file path.") | ||
f.StringVar(&cfg.ServerName, prefix+"s3.http.tls.server-name", "", "The name of the server for verification.") | ||
} | ||
|
||
// Config holds the config options for an S3 backend | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you move this with the other
[ENHANCEMENT]
entries?