Add v1.TLSConfig to AlertManagerEndpoints

Documentation/api.md

@@ -65,7 +65,7 @@ AlertmanagerEndpoints defines a selection of a single Endpoints object containin
 | port | Port the Alertmanager API is exposed on. | intstr.IntOrString | true |
 | scheme | Scheme to use when firing alerts. | string | false |
 | pathPrefix | Prefix for the HTTP path alerts are pushed to. | string | false |
-| insecureSkipVerify | Disable target certificate validation. | bool | false |
+| tlsConfig | TLS Config to use for alertmanager connection. | *[TLSConfig](#tlsconfig) | false |
 
 [Back to TOC](#table-of-contents)
 

example/prometheus-operator-crd/prometheus.crd.yaml

@@ -544,9 +544,6 @@ spec:
                       Endpoints object containing alertmanager IPs to fire alerts
                       against.
                     properties:
-                      insecureSkipVerify:
-                        description: Disable target certificate validation.
-                        type: boolean
                       name:
                         description: Name of Endpoints object in Namespace.
                         type: string
@@ -560,6 +557,24 @@ spec:
                       scheme:
                         description: Scheme to use when firing alerts.
                         type: string
+                      tlsConfig:
+                        description: TLSConfig specifies TLS configuration parameters.
+                        properties:
+                          caFile:
+                            description: The CA cert to use for the targets.
+                            type: string
+                          certFile:
+                            description: The client cert file for the targets.
+                            type: string
+                          insecureSkipVerify:
+                            description: Disable target certificate validation.
+                            type: boolean
+                          keyFile:
+                            description: The client key file for the targets.
+                            type: string
+                          serverName:
+                            description: Used to verify the hostname for the targets.
+                            type: string
                     required:
                     - namespace
                     - name

pkg/client/monitoring/v1/openapi_generated.go

@@ -128,11 +128,10 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA
 								Format:      "",
 							},
 						},
-						"insecureSkipVerify": {
+						"tlsConfig": {
 							SchemaProps: spec.SchemaProps{
-								Description: "Disable target certificate validation.",
-								Type:        []string{"boolean"},
-								Format:      "",
+								Description: "TLS Config to use for alertmanager connection.",
+								Ref:         ref("github.com/coreos/prometheus-operator/pkg/client/monitoring/v1.TLSConfig"),
 							},
 						},
 					},
@@ -140,7 +139,7 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA
 				},
 			},
 			Dependencies: []string{
-				"k8s.io/apimachinery/pkg/util/intstr.IntOrString"},
+				"github.com/coreos/prometheus-operator/pkg/client/monitoring/v1.TLSConfig", "k8s.io/apimachinery/pkg/util/intstr.IntOrString"},
 		},
 		"github.com/coreos/prometheus-operator/pkg/client/monitoring/v1.AlertmanagerList": {
 			Schema: spec.Schema{

pkg/client/monitoring/v1/types.go

@@ -269,8 +269,8 @@ type AlertmanagerEndpoints struct {
 	Scheme string `json:"scheme,omitempty"`
 	// Prefix for the HTTP path alerts are pushed to.
 	PathPrefix string `json:"pathPrefix,omitempty"`
-	// Disable target certificate validation.
-	InsecureSkipVerify bool `json:"insecureSkipVerify,omitempty"`
+	// TLS Config to use for alertmanager connection.
+	TLSConfig *TLSConfig `json:"tlsConfig,omitempty"`
 }
 
 // ServiceMonitor defines monitoring for a set of services.

pkg/client/monitoring/v1/zz_generated.deepcopy.go

@@ -131,7 +131,9 @@ func (in *AlertingSpec) DeepCopyInto(out *AlertingSpec) {
 	if in.Alertmanagers != nil {
 		in, out := &in.Alertmanagers, &out.Alertmanagers
 		*out = make([]AlertmanagerEndpoints, len(*in))
-		copy(*out, *in)
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
 	}
 	return
 }
@@ -178,6 +180,15 @@ func (in *Alertmanager) DeepCopy() *Alertmanager {
 func (in *AlertmanagerEndpoints) DeepCopyInto(out *AlertmanagerEndpoints) {
 	*out = *in
 	out.Port = in.Port
+	if in.TLSConfig != nil {
+		in, out := &in.TLSConfig, &out.TLSConfig
+		if *in == nil {
+			*out = nil
+		} else {
+			*out = new(TLSConfig)
+			**out = **in
+		}
+	}
 	return
 }
 

pkg/prometheus/promcfg.go

@@ -22,7 +22,7 @@ import (
 
 	"github.com/blang/semver"
 	"github.com/pkg/errors"
-	yaml "gopkg.in/yaml.v2"
+	"gopkg.in/yaml.v2"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
 	"github.com/coreos/prometheus-operator/pkg/client/monitoring/v1"
@@ -56,6 +56,28 @@ func stringMapToMapSlice(m map[string]string) yaml.MapSlice {
 	return res
 }
 
+func addTLStoYaml(cfg yaml.MapSlice, tls *v1.TLSConfig) yaml.MapSlice {
+	if tls != nil {
+		tlsConfig := yaml.MapSlice{
+			{Key: "insecure_skip_verify", Value: tls.InsecureSkipVerify},
+		}
+		if tls.CAFile != "" {
+			tlsConfig = append(tlsConfig, yaml.MapItem{Key: "ca_file", Value: tls.CAFile})
+		}
+		if tls.CertFile != "" {
+			tlsConfig = append(tlsConfig, yaml.MapItem{Key: "cert_file", Value: tls.CertFile})
+		}
+		if tls.KeyFile != "" {
+			tlsConfig = append(tlsConfig, yaml.MapItem{Key: "key_file", Value: tls.KeyFile})
+		}
+		if tls.ServerName != "" {
+			tlsConfig = append(tlsConfig, yaml.MapItem{Key: "server_name", Value: tls.ServerName})
+		}
+		cfg = append(cfg, yaml.MapItem{Key: "tls_config", Value: tlsConfig})
+	}
+	return cfg
+}
+
 func generateConfig(p *v1.Prometheus, mons map[string]*v1.ServiceMonitor, ruleConfigMaps int, basicAuthSecrets map[string]BasicAuthCredentials) ([]byte, error) {
 	versionStr := p.Spec.Version
 	if versionStr == "" {
@@ -186,24 +208,9 @@ func generateServiceMonitorConfig(version semver.Version, m *v1.ServiceMonitor,
 	if ep.Scheme != "" {
 		cfg = append(cfg, yaml.MapItem{Key: "scheme", Value: ep.Scheme})
 	}
-	if ep.TLSConfig != nil {
-		tlsConfig := yaml.MapSlice{
-			{Key: "insecure_skip_verify", Value: ep.TLSConfig.InsecureSkipVerify},
-		}
-		if ep.TLSConfig.CAFile != "" {
-			tlsConfig = append(tlsConfig, yaml.MapItem{Key: "ca_file", Value: ep.TLSConfig.CAFile})
-		}
-		if ep.TLSConfig.CertFile != "" {
-			tlsConfig = append(tlsConfig, yaml.MapItem{Key: "cert_file", Value: ep.TLSConfig.CertFile})
-		}
-		if ep.TLSConfig.KeyFile != "" {
-			tlsConfig = append(tlsConfig, yaml.MapItem{Key: "key_file", Value: ep.TLSConfig.KeyFile})
-		}
-		if ep.TLSConfig.ServerName != "" {
-			tlsConfig = append(tlsConfig, yaml.MapItem{Key: "server_name", Value: ep.TLSConfig.ServerName})
-		}
-		cfg = append(cfg, yaml.MapItem{Key: "tls_config", Value: tlsConfig})
-	}
+
+	cfg = addTLStoYaml(cfg, ep.TLSConfig)
+
 	if ep.BearerTokenFile != "" {
 		cfg = append(cfg, yaml.MapItem{Key: "bearer_token_file", Value: ep.BearerTokenFile})
 	}
@@ -475,9 +482,10 @@ func generateAlertmanagerConfig(version semver.Version, am v1.AlertmanagerEndpoi
 	cfg := yaml.MapSlice{
 		{Key: "path_prefix", Value: am.PathPrefix},
 		{Key: "scheme", Value: am.Scheme},
-		{Key: "tls_config", Value: yaml.MapSlice{{Key: "insecure_skip_verify", Value: am.InsecureSkipVerify}}},
 	}
 
+	cfg = addTLStoYaml(cfg, am.TLSConfig)
+
 	switch version.Major {
 	case 1:
 		if version.Minor < 7 {
@@ -562,24 +570,7 @@ func generateRemoteReadConfig(version semver.Version, specs []v1.RemoteReadSpec,
 			cfg = append(cfg, yaml.MapItem{Key: "bearer_token_file", Value: spec.BearerTokenFile})
 		}
 
-		if spec.TLSConfig != nil {
-			tlsConfig := yaml.MapSlice{
-				{Key: "insecure_skip_verify", Value: spec.TLSConfig.InsecureSkipVerify},
-			}
-			if spec.TLSConfig.CAFile != "" {
-				tlsConfig = append(tlsConfig, yaml.MapItem{Key: "ca_file", Value: spec.TLSConfig.CAFile})
-			}
-			if spec.TLSConfig.CertFile != "" {
-				tlsConfig = append(tlsConfig, yaml.MapItem{Key: "cert_file", Value: spec.TLSConfig.CertFile})
-			}
-			if spec.TLSConfig.KeyFile != "" {
-				tlsConfig = append(tlsConfig, yaml.MapItem{Key: "key_file", Value: spec.TLSConfig.KeyFile})
-			}
-			if spec.TLSConfig.ServerName != "" {
-				tlsConfig = append(tlsConfig, yaml.MapItem{Key: "server_name", Value: spec.TLSConfig.ServerName})
-			}
-			cfg = append(cfg, yaml.MapItem{Key: "tls_config", Value: tlsConfig})
-		}
+		cfg = addTLStoYaml(cfg, spec.TLSConfig)
 
 		if spec.ProxyURL != "" {
 			cfg = append(cfg, yaml.MapItem{Key: "proxy_url", Value: spec.ProxyURL})
@@ -666,24 +657,7 @@ func generateRemoteWriteConfig(version semver.Version, specs []v1.RemoteWriteSpe
 			cfg = append(cfg, yaml.MapItem{Key: "bearer_token_file", Value: spec.BearerTokenFile})
 		}
 
-		if spec.TLSConfig != nil {
-			tlsConfig := yaml.MapSlice{
-				{Key: "insecure_skip_verify", Value: spec.TLSConfig.InsecureSkipVerify},
-			}
-			if spec.TLSConfig.CAFile != "" {
-				tlsConfig = append(tlsConfig, yaml.MapItem{Key: "ca_file", Value: spec.TLSConfig.CAFile})
-			}
-			if spec.TLSConfig.CertFile != "" {
-				tlsConfig = append(tlsConfig, yaml.MapItem{Key: "cert_file", Value: spec.TLSConfig.CertFile})
-			}
-			if spec.TLSConfig.KeyFile != "" {
-				tlsConfig = append(tlsConfig, yaml.MapItem{Key: "key_file", Value: spec.TLSConfig.KeyFile})
-			}
-			if spec.TLSConfig.ServerName != "" {
-				tlsConfig = append(tlsConfig, yaml.MapItem{Key: "server_name", Value: spec.TLSConfig.ServerName})
-			}
-			cfg = append(cfg, yaml.MapItem{Key: "tls_config", Value: tlsConfig})
-		}
+		cfg = addTLStoYaml(cfg, spec.TLSConfig)
 
 		if spec.ProxyURL != "" {
 			cfg = append(cfg, yaml.MapItem{Key: "proxy_url", Value: spec.ProxyURL})