Skip to content

Commit

Permalink
Base64 certs
Browse files Browse the repository at this point in the history 
Signed-off-by: Raul Sevilla <rsevilla@redhat.com>
  • Loading branch information
@rsevilla87
rsevilla87 committed Aug 10, 2021
1 parent a225569 commit 9646a13
Show file tree
Hide file tree
Showing 2 changed files with 17 additions and 31 deletions.
33 changes: 4 additions & 29 deletions docs/measurements.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -118,8 +118,8 @@ As some components require authentication to get profiling information, `kube-bu

- Bearer token authentication: This modality is configured by the variable `bearerToken`, which holds a valid Bearer token that will be used by cURL to get pprof data. This method is usually valid with kube-apiserver and kube-controller-managers components
- Certificate Authentication, usually valid for etcd: This method can be configured using a combination of cert/privKey files or directly using the cert/privkey content, it can be tweaked with the following variables:
- cert: Certificate string. The content of this string is written to the file `/tmp/pprof.crt` in the remote pods.
- key: Privete key string. The content of this string is written to the file `/tmp/pprof.key` in the remote pods.
- cert: Base64 encoded certificate. The decoded content is written to the file `/tmp/pprof.crt` in the remote pods.
- key: Base64 encoded private key. The decoded content is written to the file `/tmp/pprof.key` in the remote pods.
- certFile: Path to a certificate file. The content of this file is copied to the remote pods to the path `/tmp/pprof.crt`
- keyFile: Path to a private key file. The content of this file is copied to the remote pods to the path `/tmp/pprof.key`

Expand Down Expand Up @@ -153,33 +153,8 @@ An example of how to configure this measurement to collect pprof HEAP and CPU pr
- name: etcd-cpu
namespace: "openshift-etcd"
labelSelector: {app: etcd}
cert: |
-----BEGIN CERTIFICATE-----
rztlngowHwYDVR0jBB/asdfadsSDFDSKJEZz61mN8MKux9xciz0wgeMGA1UdEQSB
2zCB2IIUZXRjZCFwerdsvadsc3RlbS5zdmOCImV0Y2Qua3ViZS1zeXN0ZW0uc3Zj
LmNsdXN0ZXIubG9jYWyCF2V0Y2Qub3BlbnNoaWZ0LWV0Y2Quc3ZjgiVldGNkLm9w
ZW5zaGlmdC1ldGNkLnN2Yy5jbHVzdGVyLmxvY2Fsgglsb2NhbGhvc3SCAzo6MYIM
MTAuMC4xNDEuMjI4ggkxMjcuMC4wLjGCAzo6MYcQAAAAAAAAAAAAAAAAAAAAAYcE
CgCN5IcEfwAAAYcQAAAFFFF098asdfNkS23123ANBgkqhkiG9w0BAQsFAAOCAQEA
vlVzkjOIquj3uS0QxeixXWyCl8vApYanD/LqUN7ARSH5+vQ+Pw3qQJm1tdP3b7Yh
6NZC1DuA/n/kwWOMXtfsbaobZjV5XlPKjp4Oz7SIFE4P8ZmyYxTNSordmbkS4ezS
3QpJOF34IgyqxojTbQkWy4l3PZfpAt7ypWrbQiX8N9cSIKFicJN+uAzeDDM2qsh3
Xxk2PQtmmxpfOe9VaAj1dnGg9YNiF7ECuOD8nZsctmx79rPeBOzI5N093op/eFNb
yTE03WjyNP82xfiQnFfZQvqX6niasdf987ASfd4X1yh00ymxpK/cG1s7BPLSpaL1
xCMBdF9nD3tq9v/oyKJjvQ==
-----END CERTIFICATE-----
key: |
-----BEGIN RSA PRIVATE KEY-----
FOOvpAIBAAKCAQEAruV1jbKMqi5XfCaz7Ey6Bn5XGYOJvYc4VWKpT4OZ/TzBarDO
Okou0FU04klDK06Zajm13NKHDZjzhzcskO9xKQvFDanR17zqV0aX03MZR4pydbUv
WLKSE9KAKA823298gnkeQ9sorUwLrtjnFHdUDwfagIOffmPiZPIFM1hABZ50B1FV
xXCRdaAAIGKYvAg0ZcarE4LXSasdf/asdSk32kVMd2t7unA2nAIcxJmik4AcZxok
oIgOIIIIIIL1LOToA0XYPxkuOcWTpIg6XCVQuI104SKZ9K7yZSWmEBm3E2uSWz++
x/lYpw/vEjaWeaK9qdmCjXud+jceiCLjmiJF4QIDAQABAoIBADgvowo4eBQb+yL5
VAfvxjtbzyN1LITkseZMYdQXlRrTr9dUoYv8VPm8xdaEbr207HhBvfkI8TYfEu03
fmu5YIMtMsrm6XEDUc1j8laNvWtMQOUrpeA6zc7sJhvS5ys09gM6H+RwvaqeqYos
SGA8zZZekYWDw3NZJ1wCnEUYbsjeEE298fjLfvs7vk5AswD2yyX2fF4wEBLwMi0L
-----END RSA PRIVATE KEY-----
cert: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIApyenRsbmdvd0h3WURWUjBqQkIvYXNkZmFkc1NERkRTS0pFWno2MW1OOE1LdXg5eGNpejB3Z2VNR0ExVWRFUVNCCjJ6Q0IySUlVWlhSalpDRndlcmRzdmFkc2MzUmxiUzV6ZG1PQ0ltVjBZMlF1YTNWaVpTMXplWE4wWlcwdWMzWmoKTG1Oc2RYTjBaWEl1Ykc5allXeUNGMlYwWTJRdWIzQmxibk5vYVdaMExXVjBZMlF1YzNaamdpVmxkR05rTG05dwpaVzV6YUdsbWRDMWxkR05rTG5OMll5NWpiSFZ6ZEdWeUxteHZZMkZzZ2dsc2IyTmhiR2h2YzNTQ0F6bzZNWUlNCk1UQXVNQzR4TkRFdU1qSTRnZ2t4TWpjdU1DNHdMakdDQXpvNk1ZY1FBQUFBQUFBQUFBQUFBQUFBQUFBQUFZY0UKQ2dDTjVJY0Vmd0FBQVljUUFBQUZGRkYwOThhc2RmTmtTMjMxMjNBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQQp2bFZ6a2pPSXF1ajN1UzBReGVpeFhXeUNsOHZBcFlhbkQvTHFVTjdBUlNINSt2UStQdzNxUUptMXRkUDNiN1loCjZOWkMxRHVBL24va3dXT01YdGZzYmFvYlpqVjVYbFBLanA0T3o3U0lGRTRQOFpteVl4VE5Tb3JkbWJrUzRlelMKM1FwSk9GMzRJZ3lxeG9qVGJRa1d5NGwzUFpmcEF0N3lwV3JiUWlYOE45Y1NJS0ZpY0pOK3VBemVERE0ycXNoMwpYeGsyUFF0bW14cGZPZTlWYUFqMWRuR2c5WU5pRjdFQ3VPRDhuWnNjdG14NzlyUGVCT3pJNU4wOTNvcC9lRk5iCnlURTAzV2p5TlA4MnhmaVFuRmZaUXZxWDZuaWFzZGY5ODdBU2ZkNFgxeWgwMHlteHBLL2NHMXM3QlBMU3BhTDEKeENNQmRGOW5EM3RxOXYvb3lLSmp2UT09ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIApGT092cEFJQkFBS0NBUUVBcnVWMWpiS01xaTVYZkNhejdFeTZCbjVYR1lPSnZZYzRWV0twVDRPWi9UekJhckRPCk9rb3UwRlUwNGtsREswNlpham0xM05LSERaanpoemNza085eEtRdkZEYW5SMTd6cVYwYVgwM01aUjRweWRiVXYKV0xLU0U5S0FLQTgyMzI5OGdua2VROXNvclV3THJ0am5GSGRVRHdmYWdJT2ZmbVBpWlBJRk0xaEFCWjUwQjFGVgp4WENSZGFBQUlHS1l2QWcwWmNhckU0TFhTYXNkZi9hc2RTazMya1ZNZDJ0N3VuQTJuQUljeEptaWs0QWNaeG9rCm9JZ09JSUlJSUlMMUxPVG9BMFhZUHhrdU9jV1RwSWc2WENWUXVJMTA0U0taOUs3eVpTV21FQm0zRTJ1U1d6KysKeC9sWXB3L3ZFamFXZWFLOXFkbUNqWHVkK2pjZWlDTGptaUpGNFFJREFRQUJBb0lCQURndm93bzRlQlFiK3lMNQpWQWZ2eGp0Ynp5TjFMSVRrc2VaTVlkUVhsUnJUcjlkVW9ZdjhWUG04eGRhRWJyMjA3SGhCdmZrSThUWWZFdTAzCmZtdTVZSU10TXNybTZYRURVYzFqOGxhTnZXdE1RT1VycGVBNnpjN3NKaHZTNXlzMDlnTTZIK1J3dmFxZXFZb3MKU0dBOHpaWmVrWVdEdzNOWkoxd0NuRVVZYnNqZUVFMjk4ZmpMZnZzN3ZrNUFzd0QyeXlYMmZGNHdFQkx3TWkwTAotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCgo=
url: https://localhost:2379/debug/pprof/profile?timeout=30

```
Expand Down
15 changes: 13 additions & 2 deletions pkg/measurements/pprof.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@ package measurements
import (
"bytes"
"context"
"encoding/base64"
"fmt"
"io"
"os"
Expand Down Expand Up @@ -110,8 +111,18 @@ func (p *pprof) getPProf(wg *sync.WaitGroup, first bool) {
}
}
if target.Cert != "" && target.Key != "" && first {
cert = strings.NewReader(target.Cert)
privKey = strings.NewReader(target.Key)
certData, err := base64.StdEncoding.DecodeString(target.Cert)
if err != nil {
log.Errorf("Error decoding pprof certificate data from %s", target.Name)
continue
}
privKeyData, err := base64.StdEncoding.DecodeString(target.Key)
if err != nil {
log.Errorf("Error decoding pprof private key data from %s", target.Name)
continue
}
cert = strings.NewReader(string(certData))
privKey = strings.NewReader(string(privKeyData))
}
wg.Add(1)
go func(target types.PProftarget, pod corev1.Pod) {
Expand Down

0 comments on commit 9646a13

Please sign in to comment.