Skip to content

feat: add TLS support for communication from the Ruler-->AM #3752

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 11 commits into from
Feb 2, 2021
Merged

feat: add TLS support for communication from the Ruler-->AM #3752

merged 11 commits into from
Feb 2, 2021

Conversation

jtlisi
Copy link
Contributor

@jtlisi jtlisi commented Jan 27, 2021
edited
Loading

What this PR does:

  • Adds the option to configure TLS for communication between the Ruler/Alertmanager
  • Adds explicit basic authentication configuration options for the Ruler AM client

Which issue(s) this PR fixes:
Fixes #3751

Checklist

  • Update integration tests
  • Update generated documentation
  • CHANGELOG.md updated - the order of entries should be [CHANGE], [FEATURE], [ENHANCEMENT], [BUGFIX]

@jtlisi jtlisi force-pushed the 20210127_ruler_am_TLS branch from bf30ece to b7b29fb Compare January 27, 2021 21:49
@pull-request-size pull-request-size bot added size/L and removed size/M labels Jan 27, 2021
@jtlisi jtlisi force-pushed the 20210127_ruler_am_TLS branch from 2aa0016 to eea9780 Compare January 27, 2021 22:31
@jtlisi jtlisi marked this pull request as ready for review January 27, 2021 22:32
@jtlisi jtlisi force-pushed the 20210127_ruler_am_TLS branch from e77a0e1 to c5d9203 Compare January 28, 2021 14:11
@pstibrany pstibrany mentioned this pull request Jan 28, 2021
Merged
3 tasks
@jtlisi jtlisi force-pushed the 20210127_ruler_am_TLS branch from c5d9203 to b310997 Compare January 29, 2021 02:15
pracucci
pracucci reviewed Jan 29, 2021
View reviewed changes
integration/e2ecortex/services.go
@@ -350,6 +350,26 @@ func NewAlertmanager(name string, flags map[string]string, image string) *Cortex
)
}

func NewAlertmanagerWithTLS(name string, flags map[string]string, image string) *CortexService {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To my understanding the only difference between this and NewAlertmanager is the readiness probe. What's the problem making the readiness probe working with HTTPS too?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The only reason I didn't do this was because it required a change to the function parameters in the e2e package that were rather far reaching. Would it be acceptable to do this in a separate PR?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sure. I haven't checked the complexity and it's not a big deal.

@jtlisi jtlisi force-pushed the 20210127_ruler_am_TLS branch from b0f0d50 to 3db66b5 Compare January 29, 2021 19:09
jtlisi added 6 commits January 29, 2021 14:52
@jtlisi
feat: add TLS support for communication from the Ruler-->AM
051a641 
Signed-off-by: Jacob Lisi <jacob.t.lisi@gmail.com>

add simple integration test

generate documentation

update changelog

Signed-off-by: Jacob Lisi <jacob.t.lisi@gmail.com>
@jtlisi
fix receiver
c5d8c8e 
Signed-off-by: Jacob Lisi <jacob.t.lisi@gmail.com>
@jtlisi
refactor: rename IsZero -> IsEnabled, fix flag prefix, improve help t…
a1a5dea 
…ext, update changelog

Signed-off-by: Jacob Lisi <jacob.t.lisi@gmail.com>
@jtlisi
rebuild docs
60e59b1 
Signed-off-by: Jacob Lisi <jacob.t.lisi@gmail.com>
@jtlisi
rebase, docs, tests
70dc087 
Signed-off-by: Jacob Lisi <jacob.t.lisi@gmail.com>
@jtlisi
fix unit tests
1d07701 
Signed-off-by: Jacob Lisi <jacob.t.lisi@gmail.com>
@jtlisi jtlisi force-pushed the 20210127_ruler_am_TLS branch from 9a2e685 to 1d07701 Compare January 29, 2021 20:19
jtlisi added 2 commits January 29, 2021 16:04
@jtlisi
change flags for integration test
5aed44c 
Signed-off-by: Jacob Lisi <jacob.t.lisi@gmail.com>
@jtlisi
fix integration tests
ad960a7 
Signed-off-by: Jacob Lisi <jacob.t.lisi@gmail.com>
@jtlisi jtlisi requested review from pracucci and pstibrany February 1, 2021 14:05
pracucci
pracucci reviewed Feb 1, 2021
View reviewed changes
Copy link
Contributor

@pracucci pracucci left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks a lot @jtlisi for addressing my comments. I left more comments about the YAML / CLI naming (sorry for being annoying about it, but we're trying hard to keep some consistency).

@jtlisi
rectify PR comments
3be161d 
Signed-off-by: Jacob Lisi <jacob.t.lisi@gmail.com>
@jtlisi jtlisi requested a review from pracucci February 2, 2021 00:36
pstibrany
pstibrany approved these changes Feb 2, 2021
View reviewed changes
Copy link
Contributor

@pstibrany pstibrany left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, but I'd suggest to avoid embedding for notifier config.

pkg/ruler/ruler.go Outdated
@@ -86,6 +86,8 @@ type Config struct {
NotificationQueueCapacity int `yaml:"notification_queue_capacity"`
// HTTP timeout duration when sending notifications to the Alertmanager.
NotificationTimeout time.Duration `yaml:"notification_timeout"`
// Client configs for interacting with the Alertmanager
NotifierConfig `yaml:"alertmanager_client"`
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why is this embedded field instead of named field? Nothing else in this struct is using embedding.

@jtlisi
make Notifier a non-embedded config field
e199ef5 
Signed-off-by: Jacob Lisi <jacob.t.lisi@gmail.com>
pracucci
pracucci approved these changes Feb 2, 2021
View reviewed changes
Copy link
Contributor

@pracucci pracucci left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! Thanks a lot for patiently addressing my feedback 🙏 🚀

@pracucci pracucci merged commit b76fb6b into cortexproject:master Feb 2, 2021
@jtlisi jtlisi mentioned this pull request Feb 12, 2021
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pstibrany pstibrany pstibrany approved these changes

@pracucci pracucci pracucci approved these changes

Assignees
No one assigned
Labels
size/L
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Enable TLS for Ruler-->Alertmanager
3 participants
@jtlisi @pstibrany @pracucci