[loki-canary] Add ability to load client certs for reader TLS connection to Loki #6295

Closed
chodges15 opened this issue Jun 2, 2022 · 0 comments · Fixed by #6310

@chodges15
Contributor

Is your feature request related to a problem? Please describe.
When deploying Loki in an environment secured by mTLS, it is necessary to have loki-canary support loading client-side certificates. In this case, requests to Loki that do not have an authorized subject name in the client-side cert would be dropped (dependent on #6283).

Describe the solution you'd like
Add a set of flags to loki-canary that will allow specifying filenames for a PEM-encoded cert, key, and CA. Then use these to create a transport with TLSClientConfig for the net/http client to override the default DefaultTransport when client certs are provided.

Describe alternatives you've considered
A proxy sidecar could be deployed that would handle the TLS connection to Loki and communicate to loki-canary over HTTP.

Additional context
This is part of a larger effort to comply with a Zero Trust security model.
