Uploaded image for project: 'OpenShift Monitoring'
  1. OpenShift Monitoring
  2. MON-1679

use static authorizer feature of kube-rbac-proxy

    XMLWordPrintable

Details

    • False
    • False
    • NEW
    • NEW
    • Undefined
    • Monitoring - Sprint 205, Monitoring - Sprint 206, Monitoring - Sprint 207, Monitoring - Sprint 208, Monitoring - Sprint 209

    Description

      The static authorizer feature has landed in upstream kube-rbac-proxy. Lets use it by configuring a static authorizer for all requests that hit a /metrics endpoint.

      DoD:

      • Downstream kube-rbac-proxy is synced.
      • All CMO operands are configured with static authorization.
      • Bugzillas created for all non-monitoring components using kube-rbac-proxy for metrics authn/authz.

      Attachments

        Issue Links

          is related to

          Task - A task that needs to be done. MON-1850 Migrate all monitoring components to use client TLS certificate instead of bearer token for metrics scraping

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          relates to

          Task - A task that needs to be done. MON-1561 Implement static authorizer in upstream kube-rbac-proxy

          • Undefined - Priority not specified.
          • Closed
          links to

          GitHub openshift/cluster-monitoring-operator#1314: WIP: MON-1679 changes for static auth

          GitHub openshift/cluster-monitoring-operator#1318: WIP: adding static auth config

          Activity

            People

              pnair2 Prashant Balachandran (Inactive)
              jfajersk@redhat.com Jan Fajerski
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: