Add tlsConfig for ingester ring consul and etcd kvstore #2428
Comments
|
This issue has been automatically marked as stale because it has not had any activity in the past 30 days. It will be closed in 7 days if no further activity occurs. Thank you for your contributions. |
|
Maybe mounting CA file into standard location would work https://golang.org/src/crypto/x509/root_linux.go |
|
Could this be reopened? This currently makes it impossible to use the consul kv store when you have your consul setup with TLS. |
|
I'm also creating a new cluster, and I was looking for applying TLS to all the connections, but without options to specify that the connection must be made via HTTPS isn't possible. 😕 There are any plans for this feature to be added in the near future or a discussion/issue for me to follow? Tks |
|
We're facing the same issue currently. I looked a bit in the code. For consul it uses the official consul client, which can already be configured a lot by environment variables. Unfortunatelly the way they instanciate the client the tls related env vars are irgnored. I created an issue for this here: and a potential fix for it grafana/dskit#348 |
Is your feature request related to a problem? Please describe.
Based on current Loki configuration, there is no options to provide ca.crt, tls.crt and tls.key if Consul and Etcd are using HTTPS for connection
Describe the solution you'd like
if there is option tlsConfig and allow us to specify path or secret name which store ca.crt, tls.crt, and tls.key, it will be easy to implement private inter pod connection.
Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.
Additional context
Add any other context or screenshots about the feature request here.
The text was updated successfully, but these errors were encountered: