Extend and document TLS configuration

Documentation/service-monitor.md

@@ -40,6 +40,17 @@ of the service endpoints. This is also made possible by the Prometheus Operator.
 | path | HTTP path to scrape for metrics. | false | string | /metrics |
 | scheme | HTTP scheme to use for scraping | false | string | http |
 | interval | Interval at which metrics should be scraped | false | duration | 30s |
+| tlsConfig | TLS configuration to use when scraping the endpoint | false | TLSConfig | |
+
+### `TLSConfig`
+
+| Name | Description | Required | Schema | Default |
+| ---- | ----------- | -------- | ------ | ------- |
+| caFile | Path to the CA file. | false | string | |
+| certFile | Path to client certificate file | false | |
+| keyFile | Path to client key file | false | |
+| serverName | Server name used to verify host name | |
+| insecureSkipVerify | Skip certificate verification | false | bool | false |
 
 
 ## Current state and roadmap

pkg/client/monitoring/v1alpha1/types.go

@@ -120,13 +120,22 @@ type Endpoint struct {
 	Path            string             `json:"path"`
 	Scheme          string             `json:"scheme"`
 	Interval        string             `json:"interval"`
-	TlsConfig       *TlsConfig         `json:"tlsConfig"`
+	TLSConfig       *TLSConfig         `json:"tlsConfig"`
 	BearerTokenFile string             `json:"bearerTokenFile"`
 }
 
-type TlsConfig struct {
-	CaFile             string `json:"caFile,omitempty"`
-	InsecureSkipVerify bool   `json:"insecureSkipVerify,omitempty"`
+// TLSConfig specifies TLS configuration parameters.
+type TLSConfig struct {
+	// The CA cert to use for the targets.
+	CAFile string `yaml:"caFile,omitempty"`
+	// The client cert file for the targets.
+	CertFile string `yaml:"certFile,omitempty"`
+	// The client key file for the targets.
+	KeyFile string `yaml:"keyFile,omitempty"`
+	// Used to verify the hostname for the targets.
+	ServerName string `yaml:"serverName,omitempty"`
+	// Disable target certificate validation.
+	InsecureSkipVerify bool `yaml:"insecureSkipVerify"`
 }
 
 // ServiceMonitorList is a list of ServiceMonitors.

pkg/prometheus/promcfg.go

@@ -81,12 +81,21 @@ func generateServiceMonitorConfig(m *v1alpha1.ServiceMonitor, ep v1alpha1.Endpoi
 	if ep.Scheme != "" {
 		cfg["scheme"] = ep.Scheme
 	}
-	if ep.TlsConfig != nil {
+	if ep.TLSConfig != nil {
 		tlsConfig := map[string]interface{}{
-			"insecure_skip_verify": ep.TlsConfig.InsecureSkipVerify,
+			"insecure_skip_verify": ep.TLSConfig.InsecureSkipVerify,
 		}
-		if ep.TlsConfig.CaFile != "" {
-			tlsConfig["ca_file"] = ep.TlsConfig.CaFile
+		if ep.TLSConfig.CAFile != "" {
+			tlsConfig["ca_file"] = ep.TLSConfig.CAFile
+		}
+		if ep.TLSConfig.CertFile != "" {
+			tlsConfig["cert_file"] = ep.TLSConfig.CertFile
+		}
+		if ep.TLSConfig.KeyFile != "" {
+			tlsConfig["key_file"] = ep.TLSConfig.KeyFile
+		}
+		if ep.TLSConfig.ServerName != "" {
+			tlsConfig["server_name"] = ep.TLSConfig.ServerName
 		}
 		cfg["tls_config"] = tlsConfig
 	}