tempo-query: separate tls settings for server and client (#4177)

* tempo-query: separate tls settings for server and client Signed-off-by: Benedikt Bongartz <bongartz@klimlive.de> * tempo-query: add changelog and comments to config Signed-off-by: Benedikt Bongartz <bongartz@klimlive.de> --------- Signed-off-by: Benedikt Bongartz <bongartz@klimlive.de>
grafana · Oct 14, 2024 · a2f70c9 · a2f70c9
1 parent 7f40dad
commit a2f70c9
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 4 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,6 @@
 ## main / unreleased
 
+* [ENHANCEMENT] tempo-query: separate tls settings for server and client [#4177](https://github.com/grafana/tempo/pull/4177) (@frzifus)
 * [ENHANCEMENT] Pushdown collection of results from generators in the querier [#4119](https://github.com/grafana/tempo/pull/4119) (@electron0zero)
 * [ENHANCEMENT] Send semver version in api/stattus/buildinfo for cloud deployments [#4110](https://github.com/grafana/tempo/pull/4110) [@Aki0x137]
 * [ENHANCEMENT] Speedup tempo-query trace search by allowing parallel queries [#4159](https://github.com/grafana/tempo/pull/4159) (@pavolloffay)

diff --git a/cmd/tempo-query/main.go b/cmd/tempo-query/main.go
@@ -57,7 +57,7 @@ func main() {
 		google_grpc.StreamInterceptor(otgrpc.OpenTracingStreamServerInterceptor(opentracing.GlobalTracer())),
 	}
 
-	if cfg.TLSEnabled {
+	if cfg.TLSServerEnabeld {
 		creds, err := credentials.NewClientTLSFromFile(cfg.TLS.CertPath, cfg.TLS.ServerName)
 		if err != nil {
 			logger.Error("failed to load TLS credentials", zap.Error(err))

diff --git a/cmd/tempo-query/tempo/config.go b/cmd/tempo-query/tempo/config.go
@@ -8,9 +8,12 @@ import (
 
 // Config holds the configuration for redbull.
 type Config struct {
-	Address               string           `yaml:"address"`
-	Backend               string           `yaml:"backend"`
-	TLSEnabled            bool             `yaml:"tls_enabled" category:"advanced"`
+	Address string `yaml:"address"`
+	Backend string `yaml:"backend"`
+	// TLSEnabled enables tls outgoing requests from tempo-query to tempo.
+	TLSEnabled bool `yaml:"tls_enabled" category:"advanced"`
+	// TLSServerEnabeld enables tls for incoming requests to the tempo-query API.
+	TLSServerEnabeld      bool             `yaml:"tls_server_enabled" category:"advanced"`
 	TLS                   tls.ClientConfig `yaml:",inline"`
 	TenantHeaderKey       string           `yaml:"tenant_header_key"`
 	QueryServicesDuration string           `yaml:"services_query_duration"`
@@ -27,6 +30,7 @@ func (c *Config) InitFromViper(v *viper.Viper) {
 	c.Address = address
 	c.Backend = v.GetString("backend")
 	c.TLSEnabled = v.GetBool("tls_enabled")
+	c.TLSServerEnabeld = v.GetBool("tls_server_enabled")
 	c.TLS.CertPath = v.GetString("tls_cert_path")
 	c.TLS.KeyPath = v.GetString("tls_key_path")
 	c.TLS.CAPath = v.GetString("tls_ca_path")