feat: Add support for native TLS

[mayankshah1607]

Fixes #1353

• uses exporter-toolkit library to add native TLS
• introduce new flag tls-config to pass the path to TLS config file

Signed-off-by: Mayank Shah mayankshah1614@gmail.com

[mayankshah1607]

Hi @lilic @brancz
If this approach looks good, I'd like to add relevant tests to ensure TLS is working as expected. I am not really sure why ci-validate-manifests is failing - I would really appreciate any help on that.

PTAL, thanks! :)

[dgrisonnet]

Hi @mayankshah1607, it seems to be failing because of a conflict with the yaml package. Bumping gojsontoyaml to brancz/gojsontoyaml@202f76b should prevent that.

[dgrisonnet]

If we want to go forward with the TLS configuration from the exporter-toolkit, we might want to document that the configuration can be found here: https://github.com/prometheus/exporter-toolkit/blob/master/docs/web-configuration.md

[mayankshah1607]

Hi @mayankshah1607, it seems to be failing because of a conflict with the yaml package. Bumping gojsontoyaml to brancz/gojsontoyaml@202f76b should prevent that.

Thanks @dgrisonnet. I tried bumping it, but it did not seem to help. Could there be any other reason?

[dgrisonnet]

Hum yes, after taking another look, it seems that I understood the error the other way around. The current examples/prometheus-alerting-rules/alerts.yaml manifest seems to have been incorrectly generated with the breaking version v2.3.0 of the yaml package. By introducing a new transitive-dependency on v2.4.0, you fixed this problem and made it possible to regenerate the manifest properly. Hence, regenerating the manifest and pushing the changes to this PR seems to be the right solution here.
Also, since the current gojsontoyaml version is not bound to v2.3.0, there is no need to bump it. Sorry for the inconvenience on that one.

[mayankshah1607]

Thanks @dgrisonnet

If we want to go forward with the TLS configuration from the exporter-toolkit, we might want to document that the configuration can be found here: https://github.com/prometheus/exporter-toolkit/blob/master/docs/web-configuration.md

If everything looks fine in this PR, I could go ahead an add the required documentation.

[tariq1890]

@mayankshah1607 Thanks so much for your PR. I have provided my review comments. Let me know if you need any more clarifications around them :)

[mayankshah1607]

thanks @tariq1890
I have made all the required changes. PTAL! :)

[tariq1890]

So the PR e2e tests are failing because of this statement in the logs

E0125 07:24:39.122249 1 main.go:63] levelinfomsgTLS is disabled.http2false

That's a klog error. I think we might need use to klog.Info instead in the new interface implementing method.

Also, that's not a well-formed log message . A tad concerning

[tariq1890]

/lgtm
/approve

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: mayankshah1607, tariq1890

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [tariq1890]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[prasunsultania]

is there a sample --tls-config file ?

[invidian]

@prasunsultania it's here: https://github.com/prometheus/exporter-toolkit/blob/19e732caf179e5deb553a9cb2bb2da983dd0d830/web/web-config.yml

And here is the full config structure as far as I understand: https://github.com/prometheus/exporter-toolkit/blob/19e732caf179e5deb553a9cb2bb2da983dd0d830/web/tls_config.go#L36-L64