[kube-prometheus-stack] Add ability to inject custom CAs - specifically for Thanos Sidecar #2185
Labels
Comments
|
Ping |
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Any further update will cause the issue/pull request to no longer be considered stale. Thank you for your contributions. |
|
The same issue here. |
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Any further update will cause the issue/pull request to no longer be considered stale. Thank you for your contributions. |
|
This issue is being automatically closed due to inactivity. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem ?
Right now self-hosted S3 services such as MinIO are not trusted by the Thanos sidecar when using a private CA. Injecting a custom CA certificate is not possible without touching or modifying the actual deployments. The helm chart doesn't currently allow for any injection of CA certs as far as I could tell - if so documentation for this is lacking.
This PR shows that this feature was implemented in Thanos itself and it theoretically should be as simple as adding a volume mount.
Describe the solution you'd like.
Ideally there'd be a way to either provide a secret or configmap to the prometheus or thanossidecar container that already mounts in the proper place.
If that is deemed to unflexible, then at least a way to mount secrets or configmaps with custom paths should be parsed through.
Describe alternatives you've considered.
From what I was able to gather an alternative is to set an environment variable that contains a path to the ca-bundle file. Setting env variables is however also not possible via the helm chart.
Additional context.
No response
The text was updated successfully, but these errors were encountered: