Updates to support SSL #16
Conversation
|
|
||
| def initialize_rest_client | ||
| env_host = @node_name | ||
| env_port = 10_255 # 10255 is the readonly port of the kubelet from where we can fetch the metrics exposed by summary API |
There was a problem hiding this comment.
This should be @kubelet_port from the config params
| def initialize_rest_client | ||
| env_host = @node_name | ||
| env_port = 10_255 # 10255 is the readonly port of the kubelet from where we can fetch the metrics exposed by summary API | ||
| ssl_env_port = 10_250 # 10250 is the default ssl port of the kubelet from where we can fetch the metrics exposed by summary API |
There was a problem hiding this comment.
This should be taken as a configurable parameter similar @kubelet_port, maybe @kubelet_ssl_port
There was a problem hiding this comment.
Staying with single port config since it's configurable from yaml file.
| if @bearer_token_file.nil? and File.exist?(secret_token_file) | ||
| @bearer_token_file = secret_token_file | ||
| end | ||
|
|
There was a problem hiding this comment.
Remove extra line.
| if Dir.exist?(@secret_dir) | ||
| secret_ca_file = File.join(@secret_dir, 'ca.crt') | ||
| secret_token_file = File.join(@secret_dir, 'token') | ||
|
|
There was a problem hiding this comment.
Remove extra line.
| # This method is used to set the options for sending a request to the kubelet api | ||
| def request_options | ||
| options = { method: 'get', url: @kubelet_url } | ||
|
|
There was a problem hiding this comment.
Remove extra line.
| options = { method: 'get', url: @kubelet_url } | ||
|
|
||
| if @use_rest_client_ssl == true | ||
|
|
There was a problem hiding this comment.
Remove extra line.
| verify_ssl: @insecure_ssl ? OpenSSL::SSL::VERIFY_NONE : OpenSSL::SSL::VERIFY_PEER, | ||
| headers: {:Authorization => 'Bearer ' + File.read(@bearer_token_file)} | ||
| } | ||
|
|
There was a problem hiding this comment.
Remove extra line.
| # This method is used to set the options for sending a request to the stats api | ||
| def request_options_stats | ||
| options = { method: 'get', url: @kubelet_url_stats } | ||
|
|
There was a problem hiding this comment.
Remove extra line.
| options = { method: 'get', url: @kubelet_url_stats } | ||
|
|
||
| if @use_rest_client_ssl == true | ||
|
|
There was a problem hiding this comment.
Remove extra line.
| verify_ssl: @insecure_ssl ? OpenSSL::SSL::VERIFY_NONE : OpenSSL::SSL::VERIFY_PEER, | ||
| headers: {:Authorization => 'Bearer ' + File.read(@bearer_token_file)} | ||
| } | ||
|
|
There was a problem hiding this comment.
Remove extra line.
| options = options.merge(ssl_options) | ||
| log.debug "request_options_stats - #{options}" | ||
| end | ||
|
|
There was a problem hiding this comment.
Remove extra line.
| # This method is used to set the options for sending a request to the cadvisor api | ||
| def cadvisor_request_options | ||
| options = { method: 'get', url: @cadvisor_url } | ||
|
|
There was a problem hiding this comment.
Remove extra line.
| options = { method: 'get', url: @cadvisor_url } | ||
|
|
||
| if @use_rest_client_ssl == true | ||
|
|
There was a problem hiding this comment.
Remove extra line.
| verify_ssl: @insecure_ssl ? OpenSSL::SSL::VERIFY_NONE : OpenSSL::SSL::VERIFY_PEER, | ||
| headers: {:Authorization => 'Bearer ' + File.read(@bearer_token_file)} | ||
| } | ||
|
|
There was a problem hiding this comment.
Remove extra line.
| options = options.merge(ssl_options) | ||
| log.debug "cadvisor_request_options - #{options}" | ||
| end | ||
|
|
There was a problem hiding this comment.
Remove extra line.
| } | ||
|
|
||
| options = options.merge(ssl_options) | ||
| log.debug "request_options - #{options}" |
| } | ||
|
|
||
| options = options.merge(ssl_options) | ||
| log.debug "request_options_stats - #{options}" |
| } | ||
|
|
||
| options = options.merge(ssl_options) | ||
| log.debug "cadvisor_request_options - #{options}" |
|
Also, tests failing @ https://circleci.com/gh/splunk/fluent-plugin-kubernetes-metrics/20?utm_campaign=vcs-integration-link&utm_medium=referral&utm_source=github-build-link might be worthwhile check why. |
|
Also, you will have to update the readme with the new config params. |
…tes-metrics into metrics-ssl
Updates based on PR feedback
…tes-metrics into metrics-ssl
2 participants
No description provided.