diff --git a/CHANGELOG.md b/CHANGELOG.md
index 42a051a3e7c..d933ec0173a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -46,6 +46,7 @@
 * [ENHANCEMENT] Speedup DistinctValue collector and exit early for ingesters [#4104](https://github.com/grafana/tempo/pull/4104) (@electron0zero)
 * [ENHANCEMENT] Add disk caching in ingester SearchTagValuesV2 for completed blocks [#4069](https://github.com/grafana/tempo/pull/4069) (@electron0zero)
 * [ENHANCEMENT] Add a max flush attempts and metric to the metrics generator [#4254](https://github.com/grafana/tempo/pull/4254) (@joe-elliott)
+* [ENHANCEMENT] Added `insecure-skip-verify` option in tempo-cli to skip SSL certificate validation when connecting to the S3 backend. [#44236](https://github.com/grafana/tempo/pull/4259) (@faridtmammadov)
 * [BUGFIX] Replace hedged requests roundtrips total with a counter. [#4063](https://github.com/grafana/tempo/pull/4063) [#4078](https://github.com/grafana/tempo/pull/4078) (@galalen)
 * [BUGFIX] Metrics generators: Correctly drop from the ring before stopping ingestion to reduce drops during a rollout. [#4101](https://github.com/grafana/tempo/pull/4101) (@joe-elliott)
 * [BUGFIX] Correctly handle 400 Bad Request and 404 Not Found in gRPC streaming [#4144](https://github.com/grafana/tempo/pull/4144) (@mapno)
diff --git a/cmd/tempo-cli/main.go b/cmd/tempo-cli/main.go
index 3d046e79dd5..586a2ce2cec 100644
--- a/cmd/tempo-cli/main.go
+++ b/cmd/tempo-cli/main.go
@@ -30,9 +30,10 @@ type backendOptions struct { Backend string `help:"backend to connect to (s3/gcs/local/azure), optional, overrides backend in config file" enum:",s3,gcs,local,azure" default:""` Bucket string `help:"bucket (or path on local backend) to scan, optional, overrides bucket in config file"` - S3Endpoint string `name:"s3-endpoint" help:"s3 endpoint (s3.dualstack.us-east-2.amazonaws.com), optional, overrides endpoint in config file"` - S3User string `name:"s3-user" help:"s3 username, optional, overrides username in config file"` - S3Pass string `name:"s3-pass" help:"s3 password, optional, overrides password in config file"` + S3Endpoint string `name:"s3-endpoint" help:"s3 endpoint (s3.dualstack.us-east-2.amazonaws.com), optional, overrides endpoint in config file"` + S3User string `name:"s3-user" help:"s3 username, optional, overrides username in config file"` + S3Pass string `name:"s3-pass" help:"s3 password, optional, overrides password in config file"` + InsecureSkipVerify bool `name:"insecure-skip-verify" help:"skip TLS verification, only applies to S3 and GCS" default:"false"` } var cli struct { @@ -131,6 +132,9 @@ func loadBackend(b *backendOptions, g *globalOptions) (backend.Reader, backend.W cfg.StorageConfig.Trace.Azure.ContainerName = b.Bucket } + cfg.StorageConfig.Trace.S3.InsecureSkipVerify = b.InsecureSkipVerify + cfg.StorageConfig.Trace.GCS.Insecure = b.InsecureSkipVerify + if b.S3Endpoint != "" { cfg.StorageConfig.Trace.S3.Endpoint = b.S3Endpoint } diff --git a/docs/sources/tempo/operations/tempo_cli.md b/docs/sources/tempo/operations/tempo_cli.md index 695583d0715..fc810b3ba26 100644 --- a/docs/sources/tempo/operations/tempo_cli.md +++ b/docs/sources/tempo/operations/tempo_cli.md 
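Review bot: The help text on the new `InsecureSkipVerify` field in `backendOptions` says only "skip TLS verification". That does not tell an operator that the storage endpoint's certificate is no longer checked on the same connection that carries the `--s3-user`/`--s3-pass` credentials. A more explicit string would be `help:"disable TLS certificate verification for S3 and GCS (insecure; only for test endpoints with self-signed certificates)"`. It should also say, like the neighbouring flags, whether it overrides the config file. The struct header sits in the hunk context line, so any tags or comments above `Backend` are not visible here.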
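Review bot: The two new assignments in `loadBackend` run unconditionally, unlike the guarded override right below them (`if b.S3Endpoint != ""`). With the flag's default of false, whatever the loaded config set for `S3.InsecureSkipVerify` and `GCS.Insecure` is silently reset. Wrapping both in `if b.InsecureSkipVerify { … }` keeps the "flag overrides config only when given" behaviour of the other options, and a one-line warning on stderr in that branch would make the weakened transport visible in the run output. Separately, the GCS field is named `Insecure`, not `InsecureSkipVerify`. Its definition is not in this diff, so confirm it controls certificate verification only; if it also changes authentication or the scheme, the flag's help text understates the effect. The body of `loadBackend` starts and ends outside this hunk.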
@@ -53,6 +53,7 @@ The backend can be configured in a few ways: * `--s3-endpoint ` The S3 API endpoint (i.e. s3.dualstack.us-east-2.amazonaws.com). * `--s3-user `, `--s3-password ` The S3 user name and password (or access key and secret key). Optional, as Tempo CLI supports the same authentication mechanisms as Tempo. See [S3 permissions documentation]({{< relref "../configuration/hosted-storage/s3" >}}) for more information. + * `--insecure-skip-verify` skip TLS verification, only applies to S3 and GCS. Each option applies only to the command in which it is used. For example, `--backend ` does not permanently change where Tempo stores data. It only changes it for command in which you apply the option.