Uploaded image for project: 'Observability and Data Analysis Program'
  1. Observability and Data Analysis Program
  2. OBSDA-1262

Readiness probe fails with mTLS enabled and "RequireAndVerifyClientCert" clientAuthType

XMLWordPrintable

    • Icon: Feature Feature
    • Resolution: Unresolved
    • Icon: Normal Normal
    • None
    • None
    • PM Monitoring
    • False
    • Hide

      None

      Show
      None
    • False
    • Not Selected
    • 0

      Proposed title of this feature request

      Enable internal Prometheus components/probes to function when mTLS is enabled on the web interface.

      What is the nature and description of the request?

      The Operator must provide a mechanism to ensure internal components (liveness/readiness probes and sidecars like oauth-proxy and config-reloader) can access the Prometheus web endpoint when mTLS (clientAuthType: RequireAndVerifyClientCert) is enabled.

      The current setup fails the health checks because probes cannot authenticate.
      This issue is already reported on the upstream project

      Why does the customer need this? (List the business requirements)

      The customer needs this feature to satisfy strict security compliance standards by enabling mTLS on the Prometheus web interface.

      List any affected packages or components.

      Cluster Observability Operator 1.2.2
       

              rh-ee-rfloren Roger Florén
              rh-ee-sstumpf Simon Stumpf
              Votes:
              6 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated: