-
Bug
-
Resolution: Not a Bug
-
Undefined
-
None
-
4.20.0
-
None
-
Quality / Stability / Reliability
-
False
-
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
Description of problem:
IBM vpc block CSI driver operator must follow convention: > When a core operator exposes Prometheus metrics, it should comply with the following requirements: > 1. It should use HTTPS. Metrics are confidential, particularly labels which can (https://github.com/openshift/enhancements/blob/6fa12ae9f15f309fb709f96bbc46d459461a7679/CONVENTIONS.md?plain=1#L566 ) Currently, it exposes HTTP port 9080 for everyone.
Version-Release number of selected component (if applicable):
4.20.0
How reproducible:
Always
Steps to Reproduce:
$ oc exec -it -n openshift-cluster-csi-drivers ibm-vpc-block-csi-node-84sbw -c csi-driver -- bash
[root@ibm-vpc-block-csi-node-84sbw /]# ss -anpltH |grep 9080
LISTEN 0 4096 *:9080 *:* users:(("ibm-vpc-block-c",pid=1,fd=6))
[root@ibm-vpc-block-csi-node-84sbw /]# curl http://localhost:9080/metrics
...
# TYPE volumes_count gauge
volumes_count 0
Actual results:
IBM vpc block CSI driver operator serves HTTP on 0.0.0.0:9080
Expected results:
IBM vpc block CSI driver operator serves HTTP on 127.0.0.1:<SOME_PORT> and kube-rbac-proxy sidecar converts it to HTTPS on 0.0.0.0:9080
Additional info: