You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
When deploying Loki in an environment secured by mTLS it is necessary to have loki-canary support loading client-side certificates. In this case, requests to Loki that do not have an authorized subject name in the client side cert would be dropped (dependent on #6283).
Describe the solution you'd like
Add a set of flags to loki-canary that will allow specifying filenames for a PEM encoded cert, key, and CA. Then use these to create a transport with TLSClientConfig for the net/http client to override the default DefaultTransport when client certs are provided.
Describe alternatives you've considered
A proxy sidecar could be deployed that would handle the TLS connection to Loki and communicate to loki-canary over http.
Additional context
This is part of a larger effort to comply with a Zero Trust security model.
The text was updated successfully, but these errors were encountered:
Is your feature request related to a problem? Please describe.
When deploying Loki in an environment secured by mTLS it is necessary to have loki-canary support loading client-side certificates. In this case, requests to Loki that do not have an authorized subject name in the client side cert would be dropped (dependent on #6283).
Describe the solution you'd like
Add a set of flags to loki-canary that will allow specifying filenames for a PEM encoded cert, key, and CA. Then use these to create a transport with
TLSClientConfig
for thenet/http
client to override the defaultDefaultTransport
when client certs are provided.Describe alternatives you've considered
A proxy sidecar could be deployed that would handle the TLS connection to Loki and communicate to loki-canary over http.
Additional context
This is part of a larger effort to comply with a Zero Trust security model.
The text was updated successfully, but these errors were encountered: