From 1eede1d1a2e109983e2445c2126435f9363e6c0e Mon Sep 17 00:00:00 2001 From: pureiboi <17396188+pureiboi@users.noreply.github.com> Date: Wed, 21 Aug 2024 01:50:53 +0800 Subject: [PATCH 1/4] optional tls version logic Signed-off-by: pureiboi <17396188+pureiboi@users.noreply.github.com> --- CHANGELOG.md | 1 + cmd/thanos/config.go | 4 +++ cmd/thanos/query.go | 2 +- cmd/thanos/receive.go | 27 ++++++++++-------- cmd/thanos/rule.go | 2 +- cmd/thanos/sidecar.go | 2 +- cmd/thanos/store.go | 2 +- docs/components/query.md | 4 +++ docs/components/receive.md | 8 ++++++ docs/components/rule.md | 4 +++ docs/components/sidecar.md | 4 +++ docs/components/store.md | 4 +++ pkg/tls/options.go | 44 +++++++++++++++++++++++++++-- pkg/tls/options_test.go | 58 ++++++++++++++++++++++++++++++++++++++ test/e2e/tls_test.go | 6 ++-- 15 files changed, 152 insertions(+), 20 deletions(-) create mode 100644 pkg/tls/options_test.go diff --git a/CHANGELOG.md b/CHANGELOG.md index c39767b6c4..5e2b490037 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -27,6 +27,7 @@ We use *breaking :warning:* to mark changes that are not backward compatible (re - [#7429](https://github.com/thanos-io/thanos/pull/7429): Reloader: introduce `TolerateEnvVarExpansionErrors` to allow suppressing errors when expanding environment variables in the configuration file. When set, this will ensure that the reloader won't consider the operation to fail when an unset environment variable is encountered. Note that all unset environment variables are left as is, whereas all set environment variables are expanded as usual. - [#7560](https://github.com/thanos-io/thanos/pull/7560) Query: Added the possibility of filtering rules by rule_name, rule_group or file to HTTP api. - [#7652](https://github.com/thanos-io/thanos/pull/7652) Store: Implement metadata API limit in stores. +- [#7654](https://github.com/thanos-io/thanos/pull/7654) *: Add '--grpc-server-tls-min-version' flag to allow user to specify TLS version, otherwise default to TLS 1.3 ### Changed diff --git a/cmd/thanos/config.go b/cmd/thanos/config.go index 3ce069c1b2..b60f8819e5 100644 --- a/cmd/thanos/config.go +++ b/cmd/thanos/config.go @@ -28,6 +28,7 @@ type grpcConfig struct { tlsSrvCert string tlsSrvKey string tlsSrvClientCA string + tlsMinVersion string gracePeriod time.Duration maxConnectionAge time.Duration } @@ -45,6 +46,9 @@ func (gc *grpcConfig) registerFlag(cmd extkingpin.FlagClause) *grpcConfig { cmd.Flag("grpc-server-tls-client-ca", "TLS CA to verify clients against. If no client CA is specified, there is no client verification on server side. (tls.NoClientCert)"). Default("").StringVar(&gc.tlsSrvClientCA) + cmd.Flag("grpc-server-tls-min-version", + "TLS minimum version to gRPC server, unset will default to tls 1.3, allow values: [\"1.0\", \"1.1\", \"1.2\", \"1.3\"]"). + Default("1.3").StringVar(&gc.tlsMinVersion) cmd.Flag("grpc-server-max-connection-age", "The grpc server max connection age. This controls how often to re-establish connections and redo TLS handshakes."). Default("60m").DurationVar(&gc.maxConnectionAge) cmd.Flag("grpc-grace-period", diff --git a/cmd/thanos/query.go b/cmd/thanos/query.go index eaf14a74af..94676d4da9 100644 --- a/cmd/thanos/query.go +++ b/cmd/thanos/query.go @@ -789,7 +789,7 @@ func runQuery( } // Start query (proxy) gRPC StoreAPI. { - tlsCfg, err := tls.NewServerConfig(log.With(logger, "protocol", "gRPC"), grpcServerConfig.tlsSrvCert, grpcServerConfig.tlsSrvKey, grpcServerConfig.tlsSrvClientCA) + tlsCfg, err := tls.NewServerConfig(log.With(logger, "protocol", "gRPC"), grpcServerConfig.tlsSrvCert, grpcServerConfig.tlsSrvKey, grpcServerConfig.tlsSrvClientCA, grpcServerConfig.tlsMinVersion) if err != nil { return errors.Wrap(err, "setup gRPC server") } diff --git a/cmd/thanos/receive.go b/cmd/thanos/receive.go index c517cf8aa5..c90a4810ed 100644 --- a/cmd/thanos/receive.go +++ b/cmd/thanos/receive.go @@ -136,7 +136,7 @@ func runReceive( level.Info(logger).Log("mode", receiveMode, "msg", "running receive") - rwTLSConfig, err := tls.NewServerConfig(log.With(logger, "protocol", "HTTP"), conf.rwServerCert, conf.rwServerKey, conf.rwServerClientCA) + rwTLSConfig, err := tls.NewServerConfig(log.With(logger, "protocol", "HTTP"), conf.rwServerCert, conf.rwServerKey, conf.rwServerClientCA, conf.rwServerTlsMinVersion) if err != nil { return err } @@ -316,7 +316,7 @@ func runReceive( level.Debug(logger).Log("msg", "setting up gRPC server") { - tlsCfg, err := tls.NewServerConfig(log.With(logger, "protocol", "gRPC"), conf.grpcConfig.tlsSrvCert, conf.grpcConfig.tlsSrvKey, conf.grpcConfig.tlsSrvClientCA) + tlsCfg, err := tls.NewServerConfig(log.With(logger, "protocol", "gRPC"), conf.grpcConfig.tlsSrvCert, conf.grpcConfig.tlsSrvKey, conf.grpcConfig.tlsSrvClientCA, conf.grpcConfig.tlsMinVersion) if err != nil { return errors.Wrap(err, "setup gRPC server") } @@ -782,16 +782,17 @@ type receiveConfig struct { grpcConfig grpcConfig - rwAddress string - rwServerCert string - rwServerKey string - rwServerClientCA string - rwClientCert string - rwClientKey string - rwClientSecure bool - rwClientServerCA string - rwClientServerName string - rwClientSkipVerify bool + rwAddress string + rwServerCert string + rwServerKey string + rwServerClientCA string + rwServerTlsMinVersion string + rwClientCert string + rwClientKey string + rwClientSecure bool + rwClientServerCA string + rwClientServerName string + rwClientSkipVerify bool dataDir string labelStrs []string @@ -861,6 +862,8 @@ func (rc *receiveConfig) registerFlag(cmd extkingpin.FlagClause) { cmd.Flag("remote-write.server-tls-client-ca", "TLS CA to verify clients against. If no client CA is specified, there is no client verification on server side. (tls.NoClientCert)").Default("").StringVar(&rc.rwServerClientCA) + cmd.Flag("remote-write.server-tls-min-version", "TLS version for the gRPC server, leave blank to default to TLS 1.3, allow values: [\"1.0\", \"1.1\", \"1.2\", \"1.3\"]").Default("1.3").StringVar(&rc.rwServerTlsMinVersion) + cmd.Flag("remote-write.client-tls-cert", "TLS Certificates to use to identify this client to the server.").Default("").StringVar(&rc.rwClientCert) cmd.Flag("remote-write.client-tls-key", "TLS Key for the client's certificate.").Default("").StringVar(&rc.rwClientKey) diff --git a/cmd/thanos/rule.go b/cmd/thanos/rule.go index 7f418361ab..50200923b2 100644 --- a/cmd/thanos/rule.go +++ b/cmd/thanos/rule.go @@ -722,7 +722,7 @@ func runRule( ) // Start gRPC server. - tlsCfg, err := tls.NewServerConfig(log.With(logger, "protocol", "gRPC"), conf.grpc.tlsSrvCert, conf.grpc.tlsSrvKey, conf.grpc.tlsSrvClientCA) + tlsCfg, err := tls.NewServerConfig(log.With(logger, "protocol", "gRPC"), conf.grpc.tlsSrvCert, conf.grpc.tlsSrvKey, conf.grpc.tlsSrvClientCA, conf.grpc.tlsMinVersion) if err != nil { return errors.Wrap(err, "setup gRPC server") } diff --git a/cmd/thanos/sidecar.go b/cmd/thanos/sidecar.go index 014b9fc9df..69a6f67bcd 100644 --- a/cmd/thanos/sidecar.go +++ b/cmd/thanos/sidecar.go @@ -303,7 +303,7 @@ func runSidecar( } tlsCfg, err := tls.NewServerConfig(log.With(logger, "protocol", "gRPC"), - conf.grpc.tlsSrvCert, conf.grpc.tlsSrvKey, conf.grpc.tlsSrvClientCA) + conf.grpc.tlsSrvCert, conf.grpc.tlsSrvKey, conf.grpc.tlsSrvClientCA, conf.grpc.tlsMinVersion) if err != nil { return errors.Wrap(err, "setup gRPC server") } diff --git a/cmd/thanos/store.go b/cmd/thanos/store.go index 319dc929c2..72e2c2950d 100644 --- a/cmd/thanos/store.go +++ b/cmd/thanos/store.go @@ -516,7 +516,7 @@ func runStore( // Start query (proxy) gRPC StoreAPI. { - tlsCfg, err := tls.NewServerConfig(log.With(logger, "protocol", "gRPC"), conf.grpcConfig.tlsSrvCert, conf.grpcConfig.tlsSrvKey, conf.grpcConfig.tlsSrvClientCA) + tlsCfg, err := tls.NewServerConfig(log.With(logger, "protocol", "gRPC"), conf.grpcConfig.tlsSrvCert, conf.grpcConfig.tlsSrvKey, conf.grpcConfig.tlsSrvClientCA, conf.grpcConfig.tlsMinVersion) if err != nil { return errors.Wrap(err, "setup gRPC server") } diff --git a/docs/components/query.md b/docs/components/query.md index 3b300b5d7a..8bab07aa2d 100644 --- a/docs/components/query.md +++ b/docs/components/query.md @@ -353,6 +353,10 @@ Flags: verification on server side. (tls.NoClientCert) --grpc-server-tls-key="" TLS Key for the gRPC server, leave blank to disable TLS + --grpc-server-tls-min-version="1.3" + TLS minimum version to gRPC server, unset will + default to tls 1.3, allow values: ["1.0", + "1.1", "1.2", "1.3"] -h, --help Show context-sensitive help (also try --help-long and --help-man). --http-address="0.0.0.0:10902" diff --git a/docs/components/receive.md b/docs/components/receive.md index a0251d6c71..bae7399eca 100644 --- a/docs/components/receive.md +++ b/docs/components/receive.md @@ -359,6 +359,10 @@ Flags: verification on server side. (tls.NoClientCert) --grpc-server-tls-key="" TLS Key for the gRPC server, leave blank to disable TLS + --grpc-server-tls-min-version="1.3" + TLS minimum version to gRPC server, unset will + default to tls 1.3, allow values: ["1.0", + "1.1", "1.2", "1.3"] --hash-func= Specify which hash function to use when calculating the hashes of produced files. If no function has been specified, it does not @@ -481,6 +485,10 @@ Flags: --remote-write.server-tls-key="" TLS Key for the HTTP server, leave blank to disable TLS. + --remote-write.server-tls-min-version="1.3" + TLS version for the gRPC server, leave blank + to default to TLS 1.3, allow values: ["1.0", + "1.1", "1.2", "1.3"] --request.logging-config= Alternative to 'request.logging-config-file' flag (mutually exclusive). Content diff --git a/docs/components/rule.md b/docs/components/rule.md index 5c784c9a3f..7b4ee999ba 100644 --- a/docs/components/rule.md +++ b/docs/components/rule.md @@ -352,6 +352,10 @@ Flags: verification on server side. (tls.NoClientCert) --grpc-server-tls-key="" TLS Key for the gRPC server, leave blank to disable TLS + --grpc-server-tls-min-version="1.3" + TLS minimum version to gRPC server, unset will + default to tls 1.3, allow values: ["1.0", + "1.1", "1.2", "1.3"] --hash-func= Specify which hash function to use when calculating the hashes of produced files. If no function has been specified, it does not diff --git a/docs/components/sidecar.md b/docs/components/sidecar.md index 951a0d58ec..2b1c957999 100644 --- a/docs/components/sidecar.md +++ b/docs/components/sidecar.md @@ -118,6 +118,10 @@ Flags: verification on server side. (tls.NoClientCert) --grpc-server-tls-key="" TLS Key for the gRPC server, leave blank to disable TLS + --grpc-server-tls-min-version="1.3" + TLS minimum version to gRPC server, unset will + default to tls 1.3, allow values: ["1.0", + "1.1", "1.2", "1.3"] --hash-func= Specify which hash function to use when calculating the hashes of produced files. If no function has been specified, it does not diff --git a/docs/components/store.md b/docs/components/store.md index 5ac51b931e..6ff48b8dd7 100644 --- a/docs/components/store.md +++ b/docs/components/store.md @@ -111,6 +111,10 @@ Flags: verification on server side. (tls.NoClientCert) --grpc-server-tls-key="" TLS Key for the gRPC server, leave blank to disable TLS + --grpc-server-tls-min-version="1.3" + TLS minimum version to gRPC server, unset will + default to tls 1.3, allow values: ["1.0", + "1.1", "1.2", "1.3"] -h, --help Show context-sensitive help (also try --help-long and --help-man). --http-address="0.0.0.0:10902" diff --git a/pkg/tls/options.go b/pkg/tls/options.go index 362f73740b..3b6a52e524 100644 --- a/pkg/tls/options.go +++ b/pkg/tls/options.go @@ -6,8 +6,11 @@ package tls import ( "crypto/tls" "crypto/x509" + "fmt" "os" "path/filepath" + "sort" + "strings" "sync" "time" @@ -17,7 +20,7 @@ import ( ) // NewServerConfig provides new server TLS configuration. -func NewServerConfig(logger log.Logger, certPath, keyPath, clientCA string) (*tls.Config, error) { +func NewServerConfig(logger log.Logger, certPath, keyPath, clientCA, tlsMinVersion string) (*tls.Config, error) { if keyPath == "" && certPath == "" { if clientCA != "" { return nil, errors.New("when a client CA is used a server key and certificate must also be provided") @@ -33,8 +36,13 @@ func NewServerConfig(logger log.Logger, certPath, keyPath, clientCA string) (*tl return nil, errors.New("both server key and certificate must be provided") } + minTlsVersion, err := getTlsVersion(tlsMinVersion) + if err != nil { + return nil, err + } + tlsCfg := &tls.Config{ - MinVersion: tls.VersionTLS13, + MinVersion: minTlsVersion, } // Certificate is loaded during server startup to check for any errors. certificate, err := tls.LoadX509KeyPair(certPath, keyPath) @@ -190,3 +198,35 @@ func (m *clientTLSManager) getClientCertificate(*tls.CertificateRequestInfo) (*t return m.cert, nil } + +type validOption struct { + tlsOption map[string]uint16 +} + +func (validOption validOption) joinString() string { + var keys []string + + for key := range validOption.tlsOption { + keys = append(keys, key) + } + sort.Strings(keys) + return strings.Join(keys, ", ") +} + +func getTlsVersion(tlsMinVersion string) (uint16, error) { + + validOption := validOption{ + tlsOption: map[string]uint16{ + "1.0": tls.VersionTLS10, + "1.1": tls.VersionTLS11, + "1.2": tls.VersionTLS12, + "1.3": tls.VersionTLS13, + }, + } + + if _, ok := validOption.tlsOption[tlsMinVersion]; !ok { + return 0, errors.New(fmt.Sprintf("invalid TLS version: %s, valid values are %s", tlsMinVersion, validOption.joinString())) + } + + return validOption.tlsOption[tlsMinVersion], nil +} diff --git a/pkg/tls/options_test.go b/pkg/tls/options_test.go new file mode 100644 index 0000000000..4070286efa --- /dev/null +++ b/pkg/tls/options_test.go @@ -0,0 +1,58 @@ +// Copyright (c) The Thanos Authors. +// Licensed under the Apache License 2.0. + +package tls + +import ( + "crypto/tls" + "testing" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +func TestTlsOptions(t *testing.T) { + var tests = []struct { + input string + fail bool + result uint16 + }{ + { + input: "", + fail: true, + }, { + input: "ab", + fail: true, + }, { + input: "1", + fail: true, + }, { + input: "1.0", + result: tls.VersionTLS10, + }, + { + input: "1.1", + result: tls.VersionTLS11, + }, + { + input: "1.2", + result: tls.VersionTLS12, + }, + { + input: "1.3", + result: tls.VersionTLS13, + }, + } + + for _, test := range tests { + minTlsVersion, err := getTlsVersion(test.input) + + if test.fail { + require.Error(t, err) + continue + } + + require.NoError(t, err) + assert.Equal(t, test.result, minTlsVersion) + } +} diff --git a/test/e2e/tls_test.go b/test/e2e/tls_test.go index d6cb8bce93..1fee0dddca 100644 --- a/test/e2e/tls_test.go +++ b/test/e2e/tls_test.go @@ -49,11 +49,12 @@ func TestGRPCServerCertAutoRotate(t *testing.T) { caSrv := filepath.Join(tmpDirSrv, "ca") certSrv := filepath.Join(tmpDirSrv, "cert") keySrv := filepath.Join(tmpDirSrv, "key") + tlsMinVersion := "1.3" genCerts(t, certSrv, keySrv, caClt) genCerts(t, certClt, keyClt, caSrv) - configSrv, err := thTLS.NewServerConfig(logger, certSrv, keySrv, caSrv) + configSrv, err := thTLS.NewServerConfig(logger, certSrv, keySrv, caSrv, tlsMinVersion) testutil.Ok(t, err) srv := grpc.NewServer(grpc.KeepaliveParams(keepalive.ServerParameters{MaxConnectionAge: 1 * time.Millisecond}), grpc.Creds(credentials.NewTLS(configSrv))) @@ -187,7 +188,8 @@ func TestInvalidCertAndKey(t *testing.T) { caSrv := filepath.Join(tmpDirSrv, "ca") certSrv := filepath.Join(tmpDirSrv, "cert") keySrv := filepath.Join(tmpDirSrv, "key") + tlsMinVersion := "1.3" // Certificate and key are not present in the above path - _, err := thTLS.NewServerConfig(logger, certSrv, keySrv, caSrv) + _, err := thTLS.NewServerConfig(logger, certSrv, keySrv, caSrv, tlsMinVersion) testutil.NotOk(t, err) } From 6878d60dfc50f389457ae4e75e9257820971adbb Mon Sep 17 00:00:00 2001 From: pureiboi <17396188+pureiboi@users.noreply.github.com> Date: Thu, 22 Aug 2024 12:06:22 +0800 Subject: [PATCH 2/4] update cmd description and match doc Signed-off-by: pureiboi <17396188+pureiboi@users.noreply.github.com> --- cmd/thanos/config.go | 2 +- docs/components/query.md | 7 ++++--- docs/components/receive.md | 7 ++++--- docs/components/rule.md | 7 ++++--- docs/components/sidecar.md | 7 ++++--- docs/components/store.md | 7 ++++--- 6 files changed, 21 insertions(+), 16 deletions(-) diff --git a/cmd/thanos/config.go b/cmd/thanos/config.go index b60f8819e5..f72d19fd79 100644 --- a/cmd/thanos/config.go +++ b/cmd/thanos/config.go @@ -47,7 +47,7 @@ func (gc *grpcConfig) registerFlag(cmd extkingpin.FlagClause) *grpcConfig { "TLS CA to verify clients against. If no client CA is specified, there is no client verification on server side. (tls.NoClientCert)"). Default("").StringVar(&gc.tlsSrvClientCA) cmd.Flag("grpc-server-tls-min-version", - "TLS minimum version to gRPC server, unset will default to tls 1.3, allow values: [\"1.0\", \"1.1\", \"1.2\", \"1.3\"]"). + "TLS supported minimum version for gRPC server. If no version is specified, it'll default to 1.3. Allowed values: [\"1.0\", \"1.1\", \"1.2\", \"1.3\"]"). Default("1.3").StringVar(&gc.tlsMinVersion) cmd.Flag("grpc-server-max-connection-age", "The grpc server max connection age. This controls how often to re-establish connections and redo TLS handshakes."). Default("60m").DurationVar(&gc.maxConnectionAge) diff --git a/docs/components/query.md b/docs/components/query.md index 8bab07aa2d..6042f84a6f 100644 --- a/docs/components/query.md +++ b/docs/components/query.md @@ -354,9 +354,10 @@ Flags: --grpc-server-tls-key="" TLS Key for the gRPC server, leave blank to disable TLS --grpc-server-tls-min-version="1.3" - TLS minimum version to gRPC server, unset will - default to tls 1.3, allow values: ["1.0", - "1.1", "1.2", "1.3"] + TLS supported minimum version for gRPC server. + If no version is specified, it'll default to + 1.3. Allowed values: ["1.0", "1.1", "1.2", + "1.3"] -h, --help Show context-sensitive help (also try --help-long and --help-man). --http-address="0.0.0.0:10902" diff --git a/docs/components/receive.md b/docs/components/receive.md index bae7399eca..1abd1ff08b 100644 --- a/docs/components/receive.md +++ b/docs/components/receive.md @@ -360,9 +360,10 @@ Flags: --grpc-server-tls-key="" TLS Key for the gRPC server, leave blank to disable TLS --grpc-server-tls-min-version="1.3" - TLS minimum version to gRPC server, unset will - default to tls 1.3, allow values: ["1.0", - "1.1", "1.2", "1.3"] + TLS supported minimum version for gRPC server. + If no version is specified, it'll default to + 1.3. Allowed values: ["1.0", "1.1", "1.2", + "1.3"] --hash-func= Specify which hash function to use when calculating the hashes of produced files. If no function has been specified, it does not diff --git a/docs/components/rule.md b/docs/components/rule.md index 7b4ee999ba..217f21ed1f 100644 --- a/docs/components/rule.md +++ b/docs/components/rule.md @@ -353,9 +353,10 @@ Flags: --grpc-server-tls-key="" TLS Key for the gRPC server, leave blank to disable TLS --grpc-server-tls-min-version="1.3" - TLS minimum version to gRPC server, unset will - default to tls 1.3, allow values: ["1.0", - "1.1", "1.2", "1.3"] + TLS supported minimum version for gRPC server. + If no version is specified, it'll default to + 1.3. Allowed values: ["1.0", "1.1", "1.2", + "1.3"] --hash-func= Specify which hash function to use when calculating the hashes of produced files. If no function has been specified, it does not diff --git a/docs/components/sidecar.md b/docs/components/sidecar.md index 2b1c957999..d8e9cb930d 100644 --- a/docs/components/sidecar.md +++ b/docs/components/sidecar.md @@ -119,9 +119,10 @@ Flags: --grpc-server-tls-key="" TLS Key for the gRPC server, leave blank to disable TLS --grpc-server-tls-min-version="1.3" - TLS minimum version to gRPC server, unset will - default to tls 1.3, allow values: ["1.0", - "1.1", "1.2", "1.3"] + TLS supported minimum version for gRPC server. + If no version is specified, it'll default to + 1.3. Allowed values: ["1.0", "1.1", "1.2", + "1.3"] --hash-func= Specify which hash function to use when calculating the hashes of produced files. If no function has been specified, it does not diff --git a/docs/components/store.md b/docs/components/store.md index 6ff48b8dd7..28009f67fb 100644 --- a/docs/components/store.md +++ b/docs/components/store.md @@ -112,9 +112,10 @@ Flags: --grpc-server-tls-key="" TLS Key for the gRPC server, leave blank to disable TLS --grpc-server-tls-min-version="1.3" - TLS minimum version to gRPC server, unset will - default to tls 1.3, allow values: ["1.0", - "1.1", "1.2", "1.3"] + TLS supported minimum version for gRPC server. + If no version is specified, it'll default to + 1.3. Allowed values: ["1.0", "1.1", "1.2", + "1.3"] -h, --help Show context-sensitive help (also try --help-long and --help-man). --http-address="0.0.0.0:10902" From 0b19464c1b66b680fc725dcb737b4533c163a438 Mon Sep 17 00:00:00 2001 From: pureiboi <17396188+pureiboi@users.noreply.github.com> Date: Thu, 10 Oct 2024 15:59:14 +0800 Subject: [PATCH 3/4] feat: update doc with make docs Signed-off-by: pureiboi <17396188+pureiboi@users.noreply.github.com> --- docs/components/receive.md | 1 + docs/components/sidecar.md | 1 + docs/components/store.md | 1 + docs/components/tools.md | 3 +++ docs/storage.md | 1 + 5 files changed, 7 insertions(+) diff --git a/docs/components/receive.md b/docs/components/receive.md index bcd73cc7b1..ac6b25213e 100644 --- a/docs/components/receive.md +++ b/docs/components/receive.md @@ -94,6 +94,7 @@ config: server_name: "" insecure_skip_verify: false disable_compression: false + chunk_size_bytes: 0 prefix: "" ``` diff --git a/docs/components/sidecar.md b/docs/components/sidecar.md index 0e5bddc85e..d8e9cb930d 100644 --- a/docs/components/sidecar.md +++ b/docs/components/sidecar.md @@ -74,6 +74,7 @@ config: server_name: "" insecure_skip_verify: false disable_compression: false + chunk_size_bytes: 0 prefix: "" ``` diff --git a/docs/components/store.md b/docs/components/store.md index 7e70a444ec..28009f67fb 100644 --- a/docs/components/store.md +++ b/docs/components/store.md @@ -33,6 +33,7 @@ config: server_name: "" insecure_skip_verify: false disable_compression: false + chunk_size_bytes: 0 prefix: "" ``` diff --git a/docs/components/tools.md b/docs/components/tools.md index fb91d69e88..426861fdff 100644 --- a/docs/components/tools.md +++ b/docs/components/tools.md @@ -128,6 +128,7 @@ config: server_name: "" insecure_skip_verify: false disable_compression: false + chunk_size_bytes: 0 prefix: "" ``` @@ -698,6 +699,7 @@ config: server_name: "" insecure_skip_verify: false disable_compression: false + chunk_size_bytes: 0 prefix: "" ``` @@ -800,6 +802,7 @@ config: server_name: "" insecure_skip_verify: false disable_compression: false + chunk_size_bytes: 0 prefix: "" ``` diff --git a/docs/storage.md b/docs/storage.md index d90a4d7ed0..78aacb38e9 100644 --- a/docs/storage.md +++ b/docs/storage.md @@ -304,6 +304,7 @@ config: server_name: "" insecure_skip_verify: false disable_compression: false + chunk_size_bytes: 0 prefix: "" ``` From b1fac60c79d10c46ebab7e935e6571ec21e060c6 Mon Sep 17 00:00:00 2001 From: pureiboi <17396188+pureiboi@users.noreply.github.com> Date: Thu, 17 Oct 2024 21:15:39 +0800 Subject: [PATCH 4/4] fix indentation by linter Signed-off-by: pureiboi <17396188+pureiboi@users.noreply.github.com> --- cmd/thanos/receive.go | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/cmd/thanos/receive.go b/cmd/thanos/receive.go index ea16721290..56e8a35203 100644 --- a/cmd/thanos/receive.go +++ b/cmd/thanos/receive.go @@ -818,17 +818,17 @@ type receiveConfig struct { grpcConfig grpcConfig - replicationAddr string - rwAddress string - rwServerCert string - rwServerKey string - rwServerClientCA string - rwClientCert string - rwClientKey string - rwClientSecure bool - rwClientServerCA string - rwClientServerName string - rwClientSkipVerify bool + replicationAddr string + rwAddress string + rwServerCert string + rwServerKey string + rwServerClientCA string + rwClientCert string + rwClientKey string + rwClientSecure bool + rwClientServerCA string + rwClientServerName string + rwClientSkipVerify bool rwServerTlsMinVersion string dataDir string