[bitnami/thanos] Unable to configure tls for thanos query frontend
Name and Version
thanos /13.2.0
What architecture are you using?
amd64
What steps will reproduce the bug?
In values.yaml I made the following entry:

```yaml
https:
  ## @param https.enabled Set to true to enable HTTPS. Requires a secret containing the certificate and key.
  ##
  enabled: true
  ## @param https.autoGenerated Create self-signed TLS certificates.
  ##
  autoGenerated: true
  ## @param https.existingSecret Existing secret containing your own server key and certificate
  ##
  existingSecret: ""
  #existingSecret: "thanos-qf.acmp-thanos-eks-53"
  ## @param https.certFilename
  ##
  certFilename: "tls.crt"
  #certFilename: "thanos-qf.acmp-thanos-eks-53.crt"
  ## @param https.keyFilename
  ##
  keyFilename: "tls.key"
  #keyFilename: "thanos-qf.acmp-thanos-eks-53.key"
  ## @param https.caFilename
  ##
  caFilename: "ca.crt"
```

Ingress is off for all the components.
I have opened the svc of the following components as NodePort: compactor, queryFrontend, storegateway,
out of which the compactor and storegateway UIs are working fine with https but queryFrontend fails with an error.
Are you using any custom parameters or values?
no
What is the expected behavior?
UI should open in https mode
What do you see instead?
Additional information
No response
Hi @sakeebshaikh74
> ingress is off for all the components
> i have opened the following components svc as nodeport compactor, queryFrontend , storegateway
> out of which compactor and storegateway UI is working fine with https but queryFrontend fails with error

I can see you are also enabling compactor and storegateway. Could you please share your values.yaml with all the changes to reproduce the issue?
please find my values.yaml file thanos_values.zip
Hi @sakeebshaikh74
Thanks for sharing it.
I was able to test a successful connection with these steps:

```console
# Run a pod with minideb
$ kubectl run -it --rm minideb --image bitnami/minideb -- bash
# Install OpenSSL
root@minideb:/# apt update
root@minideb:/# apt install openssl
# Connect using TLS
root@minideb:/# openssl s_client -connect thanos-query-frontend:9090
```
It seems it is running on AWS behind a Load Balancer. According to this [1], you would need to set a specific annotation to target https pods: service.beta.kubernetes.io/aws-load-balancer-backend-protocol
[1] https://kubernetes.io/docs/concepts/services-networking/#ssl-support-on-aws
@dgomezleon I tried adding the annotation:

```yaml
annotations:
  kubernetes.io/ingress.class: nginx
  kubernetes.io/tls-acme: "true"
  nginx.ingress.kubernetes.io/backend-protocol: HTTPS
  nginx.ingress.kubernetes.io/proxy-ssl-verify: "false"
  nginx.ingress.kubernetes.io/rewrite-target: /$1
  nginx.ingress.kubernetes.io/use-regex: "true"
  service.beta.kubernetes.io/aws-load-balancer-backend-protocol: HTTPS
```

It is still the same.
Hi @sakeebshaikh74 ,
Did you verify a successful connection using OpenSSL as I did in order to reduce the scope? If that works the issue is probably related to AWS.
Hello @sakeebshaikh74,
This issue should be fixed by #25175.
Before, Thanos query url configured in query-frontend was always using HTTP, regardless of https.enabled flag, causing the issue.
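A check for the mismatch described in the comment above, as an added example that is not part of the thread or the chart's own code: it reads a Deployment in `kubectl get deploy -o json` form and reports any `--query-frontend.downstream-url` whose scheme disagrees with the expected TLS setting. The sample manifest, the service name in it and the `https_enabled` parameter (assumed to mirror the chart's `https.enabled` value) are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Thanos query-frontend flag that points at the downstream query API.
FLAG = "--query-frontend.downstream-url"

# Constructed sample (not taken from the issue): a trimmed Deployment as JSON.
SAMPLE = json.dumps({
    "spec": {"template": {"spec": {"containers": [{
        "name": "query-frontend",
        "args": [
            "query-frontend",
            "--log.level=info",
            "--http-address=0.0.0.0:9090",
            "--query-frontend.downstream-url=http://thanos-query:9090",
        ],
    }]}}}
})


def downstream_urls(deployment):
    """Yield (container name, URL) for each downstream-url flag in the pod spec."""
    for c in deployment["spec"]["template"]["spec"]["containers"]:
        argv = list(c.get("command", [])) + list(c.get("args", []))
        for i, arg in enumerate(argv):
            if arg.startswith(FLAG + "="):      # --flag=value form
                yield c["name"], arg.split("=", 1)[1]
            elif arg == FLAG and i + 1 < len(argv):  # --flag value form
                yield c["name"], argv[i + 1]


def scheme_mismatches(deployment, https_enabled):
    """Return one finding per downstream URL whose scheme contradicts https_enabled."""
    want = "https" if https_enabled else "http"
    findings = []
    for name, url in downstream_urls(deployment):
        got = urlsplit(url).scheme.lower()
        if got != want:
            findings.append(
                f"{name}: {url} uses {got or 'no scheme'}, expected {want}")
    return findings


if __name__ == "__main__":
    # With TLS enabled on the query component, the http:// URL is reported.
    for finding in scheme_mismatches(json.loads(SAMPLE), https_enabled=True):
        print("MISMATCH", finding)
```
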
This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.
Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Issue. Do not hesitate to reopen it later if necessary.