Diffusion puppet-swh-site e60ee5cf32a2

Use Let's Encrypt to secure thanos gRPC communications
e60ee5cf32a2
Actions

Tags

None

Subscribers

None

Description

Use Let's Encrypt to secure thanos gRPC communications

The thanos grpc client only knows to encrypt no client communicatons, or
to encrypt all client communications. As the external thanos components
will need to be deployed behind TLS, we need to also deploy TLS for
internal components for consistency.

The alternative would be deploying gRPC client proxies that would be
able to handle TLS decapsulation, e.g. envoy or nginx, which seems
pretty heavy-handed.

Details

Provenance

olasd	Authored on Jul 13 2022, 5:41 PM
olasd	Pushed on Jul 13 2022, 6:00 PM

Parents

rSPSITEd369f42d2d7a: Add support for admin.swh.network in the swh_hostname fact

Branches

Unknown

Tags

Unknown

Event Timeline

olasd committed rSPSITEe60ee5cf32a2: Use Let's Encrypt to secure thanos gRPC communications (authored by olasd).Jul 13 2022, 5:57 PM

Changes (5)

Path

Size

site-modules/

profile/

manifests/

thanos/

prometheus_sidecar.pp

tls_certificate.pp

templates/

thanos/

gateway@.service.erb

rSPSITEe60ee5cf32a2

site-modules/profile/manifests/thanos/gateway.pp

Loading...

site-modules/profile/manifests/thanos/prometheus_sidecar.pp

Loading...

site-modules/profile/manifests/thanos/query.pp

Loading...

site-modules/profile/manifests/thanos/tls_certificate.pp

Loading...

site-modules/profile/templates/thanos/gateway@.service.erb

Loading...