New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Metrics should be exposed over secure channel #24803
Metrics should be exposed over secure channel #24803
Conversation
473cb34
to
fd2bbd2
Compare
fd2bbd2
to
264b1ca
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good! Couple of comments.
@@ -230,6 +230,44 @@ var _ = g.Describe("[sig-instrumentation] Prometheus", func() { | |||
} | |||
return true, nil | |||
})).NotTo(o.HaveOccurred(), "possibly some services didn't register ServiceMonitors to allow metrics collection") | |||
|
|||
g.By("verifying all targets are exposing metrics over secure channel") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Right above there is a line that says:
// TODO: should probably be https
Should that now be https with this PR, or do we just remove that at least for CVO, as it checks the targets page as well
verifying all expected jobs have a working target
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
They should be https and some of them already are, but not all (crio, cvo) expose metrics over https as of now. So that "TODO" is still valid.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Also that test should stay as it checks for some crucial targets to be up.
o.Expect(err).NotTo(o.HaveOccurred()) | ||
|
||
// Currently following targets do not secure their /metrics endpoints: | ||
// job="cco-metrics" - https://bugzilla.redhat.com/show_bug.cgi?id=1809194 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should we leave a note in the bugzillas to remove themselves from this list after they merge their PRs?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, I plan on doing that after this is merged.
/retest |
/test verify |
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: lilic, paulfantom The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/retest Please review the full test history for this PR and help us cut down flakes. |
2 similar comments
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
as in title