rhobs
diff --git a/‎bundle/manifests/monitoring.rhobs_thanosqueriers.yaml
+61 b/‎bundle/manifests/monitoring.rhobs_thanosqueriers.yaml
+61
diff --git a/‎deploy/crds/common/monitoring.rhobs_thanosqueriers.yaml
+61 b/‎deploy/crds/common/monitoring.rhobs_thanosqueriers.yaml
+61
diff --git a/‎docs/api.md
+150 b/‎docs/api.md
+150
diff --git a/‎pkg/apis/monitoring/v1alpha1/types.go
+3 b/‎pkg/apis/monitoring/v1alpha1/types.go
+3
diff --git a/‎pkg/apis/monitoring/v1alpha1/zz_generated.deepcopy.go
+5 b/‎pkg/apis/monitoring/v1alpha1/zz_generated.deepcopy.go
+5
@@ -110,6 +110,67 @@ spec:
                     type: object
                 type: object
                 x-kubernetes-map-type: atomic
+              webTLSConfig:
+                description: Configure TLS options for the Thanos web server.
+                properties:
+                  certificate:
+                    description: Reference to the TLS public certificate for the web
+                      server.
+                    properties:
+                      key:
+                        description: The key of the secret to select from.  Must be
+                          a valid secret key.
+                        minLength: 1
+                        type: string
+                      name:
+                        description: The name of the secret in the object's namespace
+                          to select from.
+                        minLength: 1
+                        type: string
+                    required:
+                    - key
+                    - name
+                    type: object
+                  certificateAuthority:
+                    description: Reference to the root Certificate Authority used
+                      to verify the web server's certificate.
+                    properties:
+                      key:
+                        description: The key of the secret to select from.  Must be
+                          a valid secret key.
+                        minLength: 1
+                        type: string
+                      name:
+                        description: The name of the secret in the object's namespace
+                          to select from.
+                        minLength: 1
+                        type: string
+                    required:
+                    - key
+                    - name
+                    type: object
+                  privateKey:
+                    description: Reference to the TLS private key for the web server.
+                    properties:
+                      key:
+                        description: The key of the secret to select from.  Must be
+                          a valid secret key.
+                        minLength: 1
+                        type: string
+                      name:
+                        description: The name of the secret in the object's namespace
+                          to select from.
+                        minLength: 1
+                        type: string
+                    required:
+                    - key
+                    - name
+                    type: object
+                required:
+                - certificate
+                - certificateAuthority
+                - privateKey
+                type: object
             required:
             - selector
             type: object
 
@@ -110,6 +110,67 @@ spec:
                     type: object
                 type: object
                 x-kubernetes-map-type: atomic
+              webTLSConfig:
+                description: Configure TLS options for the Thanos web server.
+                properties:
+                  certificate:
+                    description: Reference to the TLS public certificate for the web
+                      server.
+                    properties:
+                      key:
+                        description: The key of the secret to select from.  Must be
+                          a valid secret key.
+                        minLength: 1
+                        type: string
+                      name:
+                        description: The name of the secret in the object's namespace
+                          to select from.
+                        minLength: 1
+                        type: string
+                    required:
+                    - key
+                    - name
+                    type: object
+                  certificateAuthority:
+                    description: Reference to the root Certificate Authority used
+                      to verify the web server's certificate.
+                    properties:
+                      key:
+                        description: The key of the secret to select from.  Must be
+                          a valid secret key.
+                        minLength: 1
+                        type: string
+                      name:
+                        description: The name of the secret in the object's namespace
+                          to select from.
+                        minLength: 1
+                        type: string
+                    required:
+                    - key
+                    - name
+                    type: object
+                  privateKey:
+                    description: Reference to the TLS private key for the web server.
+                    properties:
+                      key:
+                        description: The key of the secret to select from.  Must be
+                          a valid secret key.
+                        minLength: 1
+                        type: string
+                      name:
+                        description: The name of the secret in the object's namespace
+                          to select from.
+                        minLength: 1
+                        type: string
+                    required:
+                    - key
+                    - name
+                    type: object
+                required:
+                - certificate
+                - certificateAuthority
+                - privateKey
+                type: object
             required:
             - selector
             type: object
 
@@ -3690,6 +3690,13 @@ deduplicate.
           <br/>
         </td>
         <td>false</td>
+      </tr><tr>
+        <td><b><a href="#thanosquerierspecwebtlsconfig">webTLSConfig</a></b></td>
+        <td>object</td>
+        <td>
+          Configure TLS options for the Thanos web server.<br/>
+        </td>
+        <td>false</td>
       </tr></tbody>
 </table>
 
@@ -3810,6 +3817,149 @@ list restricting them.<br/>
       </tr></tbody>
 </table>
 
+
+### ThanosQuerier.spec.webTLSConfig
+<sup><sup>[↩ Parent](#thanosquerierspec)</sup></sup>
+
+
+
+Configure TLS options for the Thanos web server.
+
+<table>
+    <thead>
+        <tr>
+            <th>Name</th>
+            <th>Type</th>
+            <th>Description</th>
+            <th>Required</th>
+        </tr>
+    </thead>
+    <tbody><tr>
+        <td><b><a href="#thanosquerierspecwebtlsconfigcertificate">certificate</a></b></td>
+        <td>object</td>
+        <td>
+          Reference to the TLS public certificate for the web server.<br/>
+        </td>
+        <td>true</td>
+      </tr><tr>
+        <td><b><a href="#thanosquerierspecwebtlsconfigcertificateauthority">certificateAuthority</a></b></td>
+        <td>object</td>
+        <td>
+          Reference to the root Certificate Authority used to verify the web server's certificate.<br/>
+        </td>
+        <td>true</td>
+      </tr><tr>
+        <td><b><a href="#thanosquerierspecwebtlsconfigprivatekey">privateKey</a></b></td>
+        <td>object</td>
+        <td>
+          Reference to the TLS private key for the web server.<br/>
+        </td>
+        <td>true</td>
+      </tr></tbody>
+</table>
+
+
+### ThanosQuerier.spec.webTLSConfig.certificate
+<sup><sup>[↩ Parent](#thanosquerierspecwebtlsconfig)</sup></sup>
+
+
+
+Reference to the TLS public certificate for the web server.
+
+<table>
+    <thead>
+        <tr>
+            <th>Name</th>
+            <th>Type</th>
+            <th>Description</th>
+            <th>Required</th>
+        </tr>
+    </thead>
+    <tbody><tr>
+        <td><b>key</b></td>
+        <td>string</td>
+        <td>
+          The key of the secret to select from.  Must be a valid secret key.<br/>
+        </td>
+        <td>true</td>
+      </tr><tr>
+        <td><b>name</b></td>
+        <td>string</td>
+        <td>
+          The name of the secret in the object's namespace to select from.<br/>
+        </td>
+        <td>true</td>
+      </tr></tbody>
+</table>
+
+
+### ThanosQuerier.spec.webTLSConfig.certificateAuthority
+<sup><sup>[↩ Parent](#thanosquerierspecwebtlsconfig)</sup></sup>
+
+
+
+Reference to the root Certificate Authority used to verify the web server's certificate.
+
+<table>
+    <thead>
+        <tr>
+            <th>Name</th>
+            <th>Type</th>
+            <th>Description</th>
+            <th>Required</th>
+        </tr>
+    </thead>
+    <tbody><tr>
+        <td><b>key</b></td>
+        <td>string</td>
+        <td>
+          The key of the secret to select from.  Must be a valid secret key.<br/>
+        </td>
+        <td>true</td>
+      </tr><tr>
+        <td><b>name</b></td>
+        <td>string</td>
+        <td>
+          The name of the secret in the object's namespace to select from.<br/>
+        </td>
+        <td>true</td>
+      </tr></tbody>
+</table>
+
+
+### ThanosQuerier.spec.webTLSConfig.privateKey
+<sup><sup>[↩ Parent](#thanosquerierspecwebtlsconfig)</sup></sup>
+
+
+
+Reference to the TLS private key for the web server.
+
+<table>
+    <thead>
+        <tr>
+            <th>Name</th>
+            <th>Type</th>
+            <th>Description</th>
+            <th>Required</th>
+        </tr>
+    </thead>
+    <tbody><tr>
+        <td><b>key</b></td>
+        <td>string</td>
+        <td>
+          The key of the secret to select from.  Must be a valid secret key.<br/>
+        </td>
+        <td>true</td>
+      </tr><tr>
+        <td><b>name</b></td>
+        <td>string</td>
+        <td>
+          The name of the secret in the object's namespace to select from.<br/>
+        </td>
+        <td>true</td>
+      </tr></tbody>
+</table>
+
 # observability.openshift.io/v1alpha1
 
 Resource Types:
 
@@ -279,6 +279,9 @@ type ThanosQuerierSpec struct {
 	// Selector to select which namespaces the Monitoring Stack objects are discovered from.
 	NamespaceSelector NamespaceSelector `json:"namespaceSelector,omitempty"`
 	ReplicaLabels     []string          `json:"replicaLabels,omitempty"`
+	// Configure TLS options for the Thanos web server.
+	// +optional
+	WebTLSConfig *WebTLSConfig `json:"webTLSConfig,omitempty"`
 }
 
 // ThanosQuerierStatus defines the observed state of ThanosQuerier.
Original file line number	Diff line number	Diff line change
`@@ -279,6 +279,9 @@ type ThanosQuerierSpec struct {`
`279`	`279`	`// Selector to select which namespaces the Monitoring Stack objects are discovered from.`
`280`	`280`	NamespaceSelector NamespaceSelector `json:"namespaceSelector,omitempty"`
`281`	`281`	ReplicaLabels []string `json:"replicaLabels,omitempty"`
	`282`	`+ // Configure TLS options for the Thanos web server.`
	`283`	`+ // +optional`
	`284`	+ WebTLSConfig *WebTLSConfig `json:"webTLSConfig,omitempty"`
`282`	`285`	`}`
`283`	`286`
`284`	`287`	`// ThanosQuerierStatus defines the observed state of ThanosQuerier.`