Loading...

XML

Word

Printable

Type: Story
Resolution: Done
Priority: Undefined
Fix Version/s: None
Affects Version/s: None
Labels:
None

Blocked:
False
Ready:
False
Epic Link:
Observability in MCO

WSJF:
0

SFDC Cases Links:
SFDC Cases Open:
SFDC Cases Counter:

When I was working on ~~MCO-74~~, it came up that kube-rbac-proxy may be better to use than oauth-proxy because it conveys some benefits (one of which is that it is easier on the API server).

This is the referenced enhancement:

https://github.com/openshift/enhancements/blob/master/enhancements/monitoring/client-cert-scraping.md

Since both machine-config-daemon and machine-config-controller both use oauth-proxy, if it makes sense and we understand the tradeoffs/consequences we should probably update both of them.

Done Criteria:

We know whether or not we should use kube-rbac-proxy
We have updated (or decided not to update) the controller and the daemon to use (or not use) it

links to

openshift/machine-config-operator#2802: Send alert when MCO can't safely apply updated Kubelet CA on nodes in paused pool

Assignee:: Unassigned

Reporter:: John Kyros

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2021/12/13 10:02 PM

Updated:: 2025/03/30 3:57 PM

Resolved:: 2023/10/10 1:13 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates