Merge pull request #103 from coreos/tlsconfig

Add TLS configuration options to ServiceMonitor
2025-04-21 03:38:43 +00:00 · 2017-01-17 16:25:41 +01:00 · 2017-01-17 16:25:41 +01:00 · 28d3241ce2
commit 28d3241ce2
parent 9001d9e780 b85338ace0
3 changed files with 53 additions and 5 deletions
--- a/Documentation/service-monitor.md
+++ b/Documentation/service-monitor.md
@ -40,6 +40,17 @@ of the service endpoints. This is also made possible by the Prometheus Operator.
 | path | HTTP path to scrape for metrics. | false | string | /metrics |
 | scheme | HTTP scheme to use for scraping | false | string | http |
 | interval | Interval at which metrics should be scraped | false | duration | 30s |
+| tlsConfig | TLS configuration to use when scraping the endpoint | false | TLSConfig | |
+
+### `TLSConfig`
+
+| Name | Description | Required | Schema | Default |
+| ---- | ----------- | -------- | ------ | ------- |
+| caFile | Path to the CA file. | false | string | |
+| certFile | Path to client certificate file | false | |
+| keyFile | Path to client key file | false | |
+| serverName | Server name used to verify host name | |
+| insecureSkipVerify | Skip certificate verification | false | bool | false |


 ## Current state and roadmap
--- a/pkg/client/monitoring/v1alpha1/types.go
+++ b/pkg/client/monitoring/v1alpha1/types.go
@ -115,11 +115,27 @@ type ServiceMonitorSpec struct {

 // Endpoint defines a scrapeable endpoint serving Prometheus metrics.
 type Endpoint struct {
-	Port       string             `json:"port"`
-	TargetPort intstr.IntOrString `json:"targetPort"`
-	Path       string             `json:"path"`
-	Scheme     string             `json:"scheme"`
-	Interval   string             `json:"interval"`
+	Port            string             `json:"port"`
+	TargetPort      intstr.IntOrString `json:"targetPort"`
+	Path            string             `json:"path"`
+	Scheme          string             `json:"scheme"`
+	Interval        string             `json:"interval"`
+	TLSConfig       *TLSConfig         `json:"tlsConfig"`
+	BearerTokenFile string             `json:"bearerTokenFile"`
+}
+
+// TLSConfig specifies TLS configuration parameters.
+type TLSConfig struct {
+	// The CA cert to use for the targets.
+	CAFile string `yaml:"caFile,omitempty"`
+	// The client cert file for the targets.
+	CertFile string `yaml:"certFile,omitempty"`
+	// The client key file for the targets.
+	KeyFile string `yaml:"keyFile,omitempty"`
+	// Used to verify the hostname for the targets.
+	ServerName string `yaml:"serverName,omitempty"`
+	// Disable target certificate validation.
+	InsecureSkipVerify bool `yaml:"insecureSkipVerify"`
 }

 // ServiceMonitorList is a list of ServiceMonitors.
--- a/pkg/prometheus/promcfg.go
+++ b/pkg/prometheus/promcfg.go
@ -81,6 +81,27 @@ func generateServiceMonitorConfig(m *v1alpha1.ServiceMonitor, ep v1alpha1.Endpoi
 	if ep.Scheme != "" {
 		cfg["scheme"] = ep.Scheme
 	}
+	if ep.TLSConfig != nil {
+		tlsConfig := map[string]interface{}{
+			"insecure_skip_verify": ep.TLSConfig.InsecureSkipVerify,
+		}
+		if ep.TLSConfig.CAFile != "" {
+			tlsConfig["ca_file"] = ep.TLSConfig.CAFile
+		}
+		if ep.TLSConfig.CertFile != "" {
+			tlsConfig["cert_file"] = ep.TLSConfig.CertFile
+		}
+		if ep.TLSConfig.KeyFile != "" {
+			tlsConfig["key_file"] = ep.TLSConfig.KeyFile
+		}
+		if ep.TLSConfig.ServerName != "" {
+			tlsConfig["server_name"] = ep.TLSConfig.ServerName
+		}
+		cfg["tls_config"] = tlsConfig
+	}
+	if ep.BearerTokenFile != "" {
+		cfg["bearer_token_file"] = ep.BearerTokenFile
+	}

 	var relabelings []interface{}