-
Task
-
Resolution: Done
-
Major
-
None
-
False
-
False
-
NEW
-
NEW
-
undefined
-
-
Monitoring - Sprint 207, Monitoring - Sprint 208
Thanks to https://github.com/openshift/cluster-monitoring-operator/pull/1282, Prometheus is able to authenticate using TLS certificates instead of bearer tokens when scraping metrics. This improves the reliability of metrics collection and lowers the load on the API server since there's no additional round-trip to the authentication/authorization APIs. The initial work targeted kubelet, kube-state-metrics, node_exporter and prometheus-operator. We need to follow up for all other monitoring components:
- Alertmanager
- telemeter-client
- Prometheus
- Grafana
Prometheus adapter(no kube-rbac-proxy - would require #425)- Thanos querier
- UWM components
DoD:
- Prometheus scrapes monitoring components using TLS certificates.
- Bearer tokens are removed from all monitoring service monitors.
- relates to
-
MON-1679 use static authorizer feature of kube-rbac-proxy
- Closed