Merge pull request #1756 from brancz/static-etcd-insecure

brancz · web-flow · commit 356dce265f3c · 2018-08-14T11:11:56.000+02:00
kube-prometheus: Allow skipping etcd TLS errors
diff --git a/contrib/kube-prometheus/examples/etcd-skip-verify.jsonnet b/contrib/kube-prometheus/examples/etcd-skip-verify.jsonnet
@@ -0,0 +1,22 @@
+local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') +
+           (import 'kube-prometheus/kube-prometheus-static-etcd.libsonnet') + {
+  _config+:: {
+    namespace: 'monitoring',
+
+    etcd+:: {
+      ips: ['127.0.0.1'],
+      clientCA: importstr 'etcd-client-ca.crt',
+      clientKey: importstr 'etcd-client.key',
+      clientCert: importstr 'etcd-client.crt',
+      insecureSkipVerify: true,
+    },
+  },
+};
+
+{ ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } +
+{ ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } +
+{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
+{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
+{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
+{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
+{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) }
diff --git a/contrib/kube-prometheus/jsonnet/kube-prometheus/kube-prometheus-static-etcd.libsonnet b/contrib/kube-prometheus/jsonnet/kube-prometheus/kube-prometheus-static-etcd.libsonnet
@@ -8,6 +8,7 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
       clientKey: null,
       clientCert: null,
       serverName: null,
+      insecureSkipVerify: null,
     },
   },
   prometheus+:: {
@@ -65,7 +66,8 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
                 caFile: '/etc/prometheus/secrets/kube-etcd-client-certs/etcd-client-ca.crt',
                 keyFile: '/etc/prometheus/secrets/kube-etcd-client-certs/etcd-client.key',
                 certFile: '/etc/prometheus/secrets/kube-etcd-client-certs/etcd-client.crt',
-                serverName: $._config.etcd.serverName,
+                [if $._config.etcd.serverName != null then 'serverName']: $._config.etcd.serverName,
+                [if $._config.etcd.insecureSkipVerify != null then 'insecureSkipVerify']: $._config.etcd.insecureSkipVerify,
               },
             },
           ],
diff --git a/contrib/kube-prometheus/jsonnetfile.lock.json b/contrib/kube-prometheus/jsonnetfile.lock.json
@@ -8,7 +8,7 @@
                     "subdir": "contrib/kube-prometheus/jsonnet/kube-prometheus"
                 }
             },
-            "version": "793d90134afffc41c07d0482794379962f3e14ec"
+            "version": "18d040769c2128c292330915d60f267e0d4bb325"
         },
         {
             "name": "ksonnet",
@@ -78,7 +78,7 @@
                     "subdir": "Documentation/etcd-mixin"
                 }
             },
-            "version": "6c9a853f04f8e0cde6139f3a9d04d00517407b91"
+            "version": "f87b566248bb0713a56dc55bc545aa5aad17ace0"
         }
     ]
 }

Original file line number	Diff line number	Diff line change
`@@ -8,7 +8,7 @@`
`8`	`8`	`"subdir": "contrib/kube-prometheus/jsonnet/kube-prometheus"`
`9`	`9`	`}`
`10`	`10`	`},`
`11`		`- "version": "793d90134afffc41c07d0482794379962f3e14ec"`
	`11`	`+ "version": "18d040769c2128c292330915d60f267e0d4bb325"`
`12`	`12`	`},`
`13`	`13`	`{`
`14`	`14`	`"name": "ksonnet",`
`@@ -78,7 +78,7 @@`
`78`	`78`	`"subdir": "Documentation/etcd-mixin"`
`79`	`79`	`}`
`80`	`80`	`},`
`81`		`- "version": "6c9a853f04f8e0cde6139f3a9d04d00517407b91"`
	`81`	`+ "version": "f87b566248bb0713a56dc55bc545aa5aad17ace0"`
`82`	`82`	`}`
`83`	`83`	`]`
`84`	`84`	`}`