Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add tlsConfig for ingester ring consul and etcd kvstore #2428

Closed
reidlai opened this issue Jul 28, 2020 · 5 comments
Closed

Add tlsConfig for ingester ring consul and etcd kvstore #2428

reidlai opened this issue Jul 28, 2020 · 5 comments
Labels
stale A stale issue or PR that will automatically be closed.

Comments

@reidlai
Copy link

reidlai commented Jul 28, 2020

Is your feature request related to a problem? Please describe.
Based on current Loki configuration, there is no options to provide ca.crt, tls.crt and tls.key if Consul and Etcd are using HTTPS for connection

Describe the solution you'd like
if there is option tlsConfig and allow us to specify path or secret name which store ca.crt, tls.crt, and tls.key, it will be easy to implement private inter pod connection.

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

@stale
Copy link

stale bot commented Aug 27, 2020

This issue has been automatically marked as stale because it has not had any activity in the past 30 days. It will be closed in 7 days if no further activity occurs. Thank you for your contributions.

@stale stale bot added the stale A stale issue or PR that will automatically be closed. label Aug 27, 2020
@stale stale bot closed this as completed Sep 4, 2020
@miro-balaz
Copy link

miro-balaz commented Feb 15, 2021

Maybe mounting CA file into standard location would work https://golang.org/src/crypto/x509/root_linux.go

@tcassaert
Copy link

Could this be reopened? This currently makes it impossible to use the consul kv store when you have your consul setup with TLS.

@gil0mendes
Copy link

I'm also creating a new cluster, and I was looking for applying TLS to all the connections, but without options to specify that the connection must be made via HTTPS isn't possible. 😕

There are any plans for this feature to be added in the near future or a discussion/issue for me to follow? Tks

@mxab
Copy link

mxab commented Aug 7, 2023

We're facing the same issue currently.

I looked a bit in the code.
As far as I unstand this Loki uses Grafana's Distributed systems kit

For consul it uses the official consul client, which can already be configured a lot by environment variables.

Unfortunatelly the way they instanciate the client the tls related env vars are irgnored.

I created an issue for this here:
grafana/dskit#346

and a potential fix for it grafana/dskit#348

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
stale A stale issue or PR that will automatically be closed.
Projects
None yet
Development

No branches or pull requests

5 participants