Expose S3 client TLS configuration #1981
Comments
|
The above PR was closed. Tempo has recently added support for the TLS config from dskit. https://github.com/grafana/dskit/blob/main/crypto/tls/tls.go#L87 Mimir may be able to embed this also for consistency of tls options. |
|
still can't find any information how to set up TLS CA cert file for S3/Minio connection |
|
Same issue here, I would love an option where i could use the Helm Chart's Common Storage Section in order to list a configmap or a secret that allows me to set a TLS cert. Was able to get it working with skip_verify option, see PR for docs here: #7135 perhaps it, at least allows you to continue till a TLS cert injection is possible :) |
|
I was able to work around the lack of config by placing my CA cert in |
How did you get it there? Via the helm chart? Or did you adjust the Mimir image? I wonder :) |
|
I'm not using helm, but I just mounted a configmap at the location in k8s. |
I think the way to go would be either implementing this workaround in the helm chart, or push forward #2652. |
Is your feature request related to a problem? Please describe.
When using an S3 compatible object storage provider, it might be the case that you need to provision the S3 client with the certificates in order to verify the server certificate. The only solution presently is to enable insecure verification as you cannot provide TLS config to the s3 client via our current configuration parameters.
Describe the solution you'd like
The Thanos S3 client used in Mimir supports TLS configuration (
mimir/vendor/github.com/thanos-io/thanos/pkg/objstore/s3/s3.go
Line 121 in b1b9882
Describe alternatives you've considered
None yet.
Additional context
None yet.
The text was updated successfully, but these errors were encountered: