From 6ebc6137c59fae9e10e568f3b0d41d425bdff0b7 Mon Sep 17 00:00:00 2001
From: DylanGuedes <djmgguedes@gmail.com>
Date: Fri, 23 Feb 2024 08:14:39 -0300
Subject: [PATCH] add comment

---
 .../helm-cluster/values/loki-distributed-tls.yaml         | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/tools/dev/k3d/environments/helm-cluster/values/loki-distributed-tls.yaml b/tools/dev/k3d/environments/helm-cluster/values/loki-distributed-tls.yaml
index 45a1f33b886bf..d442cae407e93 100644
--- a/tools/dev/k3d/environments/helm-cluster/values/loki-distributed-tls.yaml
+++ b/tools/dev/k3d/environments/helm-cluster/values/loki-distributed-tls.yaml
@@ -190,11 +190,19 @@ loki:
         cert_file: *common_server_crt
         key_file: *common_server_key
         client_ca_file: *common_ca_crt
+
+        # we need to set this to VerifyClientCertIfGiven to allow for mutual TLS.
+        # we can't set it to VerifyClientCertIfGivenAndRequireAnyClientCert because
+        # it would broke k8s liveness and readiness probes.
         client_auth_type: VerifyClientCertIfGiven
       grpc_tls_config:
         cert_file: *common_server_crt
         key_file: *common_server_key
         client_ca_file: *common_ca_crt
+
+        # we need to set this to VerifyClientCertIfGiven to allow for mutual TLS.
+        # we can't set it to VerifyClientCertIfGivenAndRequireAnyClientCert because
+        # it would broke k8s liveness and readiness probes.
         client_auth_type: VerifyClientCertIfGiven
     ingester_client:
       grpc_client_config: