New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
MON-3379: Replace the oauth-proxy before thanos-querier with kube-rbac-proxy #2136
Conversation
@raptorsun: This pull request references MON-3379 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.15.0" version, but no target version was set. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
bd85d0f
to
edbe951
Compare
@raptorsun: This pull request references MON-3379 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.15.0" version, but no target version was set. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
f0dc752
to
6b96382
Compare
ec9abfe
to
d1072dc
Compare
@raptorsun: This pull request references MON-3379 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.15.0" version, but no target version was set. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@raptorsun: This pull request references MON-3379 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.15.0" version, but no target version was set. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@raptorsun: This pull request references MON-3379 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.15.0" version, but no target version was set. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
5d85669
to
943a085
Compare
/retest |
@raptorsun: This pull request references MON-3379 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.15.0" version, but no target version was set. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@raptorsun: This pull request references MON-3379 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.15.0" version, but no target version was set. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
The failing |
- --tls-private-key-file=/etc/tls/private/tls.key | ||
- --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 | ||
- --allow-paths=/api/v1/query,/api/v1/query_range,/api/v1/format_query,/api/v1/series,/api/v1/labels,/api/v1/label/*/values,/api/v1/query_exemplars,/api/v1/targets,/api/v1/rules,/api/v1/alerts,/api/v1/targets/metadata,/api/v1/metadata,/api/v1/alertmanagers,/api/v1/status/* | ||
- -v=10 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
remove this before merging.
@raptorsun is this PR ready for test? |
48b9230
to
be7c141
Compare
Using dedicated service account for each access test in TestMonitoringApiRoles works well :D |
/test e2e-agnostic-operator |
test/e2e/thanos_querier_test.go
Outdated
t.Cleanup(func() { | ||
err := cf() | ||
if err != nil { | ||
t.Fatal(err) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would rather log because the last run failed on this line
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yup, will add a log here.
Last run failed due to a connection reset issue. It may takes too long to delete the namespace.
/test e2e-agnostic-operator |
I have submitted a PR to update the koku-metrics-operator, hoping it can help avoid interrupting the operator's function with our change in CMO. |
project-koku/koku-metrics-operator#240 has been merged. koku operator will not be interrupted after the proxy replacement. |
Pending Simons last comments, this looks good to me. |
@raptorsun: This pull request references MON-3379 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.15.0" version, but no target version was set. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Thank you very much for reviewing @simonpasquier @jan--f |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: raptorsun, simonpasquier The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
This PR is ready to test now :) |
8b657e3
into
openshift:master
Ready to review and merge 🥳
✅ Service accounts able to access Thanos Querier web port:
⛔ Service accounts that used to be able to access Thanos Querier web port but no longer accessible now: