  1. OpenShift Cloud
  2. OCPCLOUD-2278

Ensure Cloud Controller Manager Operator metrics are only available via HTTPS


    • Type: Story
    • Resolution: Done
    • Priority: Critical
    • Sprint: CLOUD Sprint 245, CLOUD Sprint 246

      Background

      CCMO metrics are currently exposed on a non-TLS server.

      We should only expose the metrics via a TLS server.

      Use Kube RBAC Proxy (as inspired by other components, e.g. MAO) to expose metrics via TLS, keeping non-TLS connections only on the localhost.

      Steps

      • Add a kube-rbac-proxy container to the CCMO
      • Ensure the non-TLS port is moved down by 1
      • Ensure the host port registry accounts for the non-TLS port

      Stakeholders

      • Cluster Infra
      • Subin M

      Definition of Done

      • CCMO runs kube-rbac-proxy alongside its current containers and only exposes metrics via the TLS port
      • Docs
      • <Add docs requirements for this card>
      • Testing
      • <Explain testing that will be added>

            Rachel Ryan (raryan@redhat.com)
            Joel Speed (joelspeed)
            Zhaohua Sun
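A static check of the layout this story asks for (kube-rbac-proxy serving TLS, the plaintext listener bound to localhost and used only as the proxy's upstream), as an added example that is not part of the ticket or the CCMO code base. The container names, ports and the `--metrics-bind-address` flag name are assumptions; `--secure-listen-address`, `--insecure-listen-address` and `--upstream` are kube-rbac-proxy flags.

```python
from urllib.parse import urlsplit

LOOPBACK = {"127.0.0.1", "localhost", "::1"}

def flag(container, name):
    """Value of --name=value in a container's args, or None if absent."""
    prefix = f"--{name}="
    return next((a[len(prefix):] for a in container.get("args", [])
                 if a.startswith(prefix)), None)

def lint_metrics_exposure(pod_spec, metrics_flag="metrics-bind-address"):
    """Return findings for a pod that should serve metrics only through kube-rbac-proxy.

    metrics_flag is an assumed name for the operator's plaintext listener flag.
    """
    findings = []
    containers = pod_spec["containers"]
    proxy = next((c for c in containers if c["name"] == "kube-rbac-proxy"), None)
    if proxy is None:
        return ["no kube-rbac-proxy container: metrics have no TLS front end"]
    if flag(proxy, "secure-listen-address") is None:
        findings.append("kube-rbac-proxy has no --secure-listen-address")
    if flag(proxy, "insecure-listen-address") is not None:
        findings.append("kube-rbac-proxy also serves a plaintext listener")
    upstream = urlsplit(flag(proxy, "upstream") or "")
    if upstream.hostname not in LOOPBACK:
        findings.append("proxy upstream is not on localhost")
    for c in containers:
        bind = flag(c, metrics_flag)
        if c is proxy or bind is None:
            continue
        host, _, port = bind.rpartition(":")  # ":8443" yields an empty host (all interfaces)
        if host.strip("[]") not in LOOPBACK:
            findings.append(f"{c['name']}: plaintext metrics bound to {bind!r}, not localhost")
        if upstream.port is not None and port != str(upstream.port):
            findings.append(f"{c['name']}: metrics port {port} is not the proxy upstream port")
    return findings

# Constructed pod specs; container names, ports and the metrics flag are assumptions.
BEFORE = {"containers": [
    {"name": "operator", "args": ["--metrics-bind-address=:8443"]}]}
AFTER = {"containers": [
    {"name": "operator", "args": ["--metrics-bind-address=127.0.0.1:8442"]},
    {"name": "kube-rbac-proxy", "args": [
        "--secure-listen-address=0.0.0.0:8443",
        "--upstream=http://127.0.0.1:8442/"]}]}

if __name__ == "__main__":
    for label, spec in (("before", BEFORE), ("after", AFTER)):
        print(label, lint_metrics_exposure(spec) or "ok")
```

Because the operator pod may share the host's network namespace, the loopback bind is what keeps the plaintext port unreachable from other nodes; the check treats an empty or wildcard host as a finding for that reason.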