-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support configuring TLS for hubble metrics server #31973
Conversation
8c0c10e
to
eb60b85
Compare
Waiting on #32066 |
3eb8a5a
to
d4251aa
Compare
/test |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the PR! Great change to see overall. I have two small questions about messaging around erroring out from launchHubble
function and the timeouts there, comments left inline.
d4251aa
to
4cc9f7f
Compare
/test |
4cc9f7f
to
9521996
Compare
Test failures look legit, trying to figure it out. |
/test |
9521996
to
db59f1b
Compare
/test |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No strong objection, but not ideal to add more fuel to both using the cilium.io tld for certificates and more code in launchHubble()
.
Also supports using mTLS to secure access to the metrics endpoint. Signed-off-by: Chance Zibolski <chance.zibolski@gmail.com>
db59f1b
to
8e45940
Compare
/test |
Adds support for TLS and mTLS on the Hubble Metrics server. This allows Prometheus or other prometheus compatible scrapers to connect to the metrics endpoint using TLS and optionally authenticate access to metrics via mTLS.
This depends on cilium/certgen#199 so that the cronJob automatic TLS method can provision certs for the Hubble metrics server.