From a559123a2b22a15443b9d13d84e1ab04f6bae6fa Mon Sep 17 00:00:00 2001
From: Frederic Branczyk <fbranczyk@gmail.com>
Date: Mon, 6 Aug 2018 21:16:59 +0200
Subject: [PATCH] kube-prometheus: Allow skipping etcd TLS errors

---
 examples/etcd-skip-verify.jsonnet             | 22 +++++++++++++++++++
 .../kube-prometheus-static-etcd.libsonnet     |  4 +++-
 2 files changed, 25 insertions(+), 1 deletion(-)
 create mode 100644 examples/etcd-skip-verify.jsonnet

diff --git a/examples/etcd-skip-verify.jsonnet b/examples/etcd-skip-verify.jsonnet
new file mode 100644
index 00000000..603ba710
--- /dev/null
+++ b/examples/etcd-skip-verify.jsonnet
@@ -0,0 +1,22 @@
+local kp = (import 'kube-prometheus/kube-prometheus.libsonnet') +
+           (import 'kube-prometheus/kube-prometheus-static-etcd.libsonnet') + {
+  _config+:: {
+    namespace: 'monitoring',
+
+    etcd+:: {
+      ips: ['127.0.0.1'],
+      clientCA: importstr 'etcd-client-ca.crt',
+      clientKey: importstr 'etcd-client.key',
+      clientCert: importstr 'etcd-client.crt',
+      insecureSkipVerify: true,
+    },
+  },
+};
+
+{ ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } +
+{ ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } +
+{ ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
+{ ['kube-state-metrics-' + name]: kp.kubeStateMetrics[name] for name in std.objectFields(kp.kubeStateMetrics) } +
+{ ['alertmanager-' + name]: kp.alertmanager[name] for name in std.objectFields(kp.alertmanager) } +
+{ ['prometheus-' + name]: kp.prometheus[name] for name in std.objectFields(kp.prometheus) } +
+{ ['grafana-' + name]: kp.grafana[name] for name in std.objectFields(kp.grafana) }
diff --git a/jsonnet/kube-prometheus/kube-prometheus-static-etcd.libsonnet b/jsonnet/kube-prometheus/kube-prometheus-static-etcd.libsonnet
index 23883c2c..d63b8680 100644
--- a/jsonnet/kube-prometheus/kube-prometheus-static-etcd.libsonnet
+++ b/jsonnet/kube-prometheus/kube-prometheus-static-etcd.libsonnet
@@ -8,6 +8,7 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
       clientKey: null,
       clientCert: null,
       serverName: null,
+      insecureSkipVerify: null,
     },
   },
   prometheus+:: {
@@ -65,7 +66,8 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
                 caFile: '/etc/prometheus/secrets/kube-etcd-client-certs/etcd-client-ca.crt',
                 keyFile: '/etc/prometheus/secrets/kube-etcd-client-certs/etcd-client.key',
                 certFile: '/etc/prometheus/secrets/kube-etcd-client-certs/etcd-client.crt',
-                serverName: $._config.etcd.serverName,
+                [if $._config.etcd.serverName != null then 'serverName']: $._config.etcd.serverName,
+                [if $._config.etcd.insecureSkipVerify != null then 'insecureSkipVerify']: $._config.etcd.insecureSkipVerify,
               },
             },
           ],
-- 
GitLab