Uploaded image for project: 'OpenShift Monitoring'
  1. OpenShift Monitoring
  2. MON-1850

Migrate all monitoring components to use client TLS certificate instead of bearer token for metrics scraping

XMLWordPrintable

    • False
    • False
    • NEW
    • NEW
    • undefined
    • Monitoring - Sprint 207, Monitoring - Sprint 208

      Thanks to https://github.com/openshift/cluster-monitoring-operator/pull/1282, Prometheus is able to authenticate using TLS certificates instead of bearer tokens when scraping metrics. This improves the reliability of metrics collection and lowers the load on the API server since there's no additional round-trip to the authentication/authorization APIs. The initial work targeted kubelet, kube-state-metrics, node_exporter and prometheus-operator. We need to follow up for all other monitoring components:

      • Alertmanager
      • telemeter-client
      • Prometheus
      • Grafana
      • Prometheus adapter (no kube-rbac-proxy - would require #425)
      • Thanos querier
      • UWM components

      DoD:

      • Prometheus scrapes monitoring components using TLS certificates.
      • Bearer tokens are removed from all monitoring service monitors.

              hasun@redhat.com Haoyu Sun
              spasquie@redhat.com Simon Pasquier
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: