Loading...

XML

Word

Printable

Type: Story
Resolution: Done
Priority: Critical
Fix Version/s: None
Affects Version/s: None
Labels:
- groomed

Story Points:
2
Blocked:
False
Blocked Reason:
None
Ready:
False
Epic Link:
Ensure Cluster Machine Approver metrics are only available via HTTPS
Feature Link:
OCPSTRAT-970 - Ports used by OCP should have TLS supports
Intelligence Requested:
Market:

Sprint:
CLOUD Sprint 245

SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

Background

CMA currently exposes metrics on two ports via the 0.0.0.0 all hosts binding. We need to make sure that only the TLS port is accessible from outside localhost.

Steps

Move the binding for the local metrics server to localhost only
Ensure kube-rbac-proxy is still proxying the requests over TLS

Stakeholders

Cluster Infra
Subin M

Definition of Done

Metrics from CMA are only exposed over TLS

Docs

<Add docs requirements for this card>

Testing

<Explain testing that will be added>

is depended on by

OCPSTRAT-970 Ports used by OCP should have TLS supports

Closed

links to

openshift/cluster-machine-approver#211: OCPCLOUD-2277: Ensure Cluster Machine Approver metrics are only available via HTTPS

openshift/cluster-machine-approver#216: Revert #211 "OCPCLOUD-2277: Ensure Cluster Machine Approver metrics are only available via HTTPS"

Assignee:: Rachel Ryan

Reporter:: Joel Speed

QA Contact:: Milind Yadav

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2023/11/13 3:45 PM

Updated:: 2023/11/30 7:15 PM

Resolved:: 2023/11/29 12:30 PM

Details

Description

Background

Steps

Stakeholders

Definition of Done

Attachments

Issue Links

Activity

People

Dates

Hide