You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently the metrics port in Kafka exporter does not support tls encypted connections (these are the current configs). Ability to communicate with Kafka exporter over tls would allow spec.endpoints[].tlsConfig and .spec.podMetricsEndpoints[].tlsConfig configs to be used in Service monitors and Pod monitors.
Suggested solution
Server certificates and keys can be configured in Kafka exporter by running the kafka exporter image with server.tls.XXX flags(more info can be found here). If this feature request is accepted any suggestions on how the required certificates and keys can be generated are welcome(could be similar to how it's done for cruise control but this is not my area of expertise).
A new config under spec.kafkaExporter section might have to be introduced to allow users to specify if they would like to enable TLS encrypted communication, something similar to below:
spec:
kafkaExporter:
enableTLS: true
Alternatives
No response
Additional context
No response
The text was updated successfully, but these errors were encountered:
Triaged on 6.4.2023: This does not seem to make much sense in the context of all the other metrics endpoints which do not have any encryption. It is also not as straight forward as this issue makes it sounds -> one would need to generate the certificates and maintain them, probably provide ways to configure the SANs etc.
Related problem
Currently the metrics port in Kafka exporter does not support tls encypted connections (these are the current configs). Ability to communicate with Kafka exporter over tls would allow spec.endpoints[].tlsConfig and .spec.podMetricsEndpoints[].tlsConfig configs to be used in Service monitors and Pod monitors.
Suggested solution
Server certificates and keys can be configured in Kafka exporter by running the kafka exporter image with
server.tls.XXX
flags(more info can be found here). If this feature request is accepted any suggestions on how the required certificates and keys can be generated are welcome(could be similar to how it's done for cruise control but this is not my area of expertise).A new config under
spec.kafkaExporter
section might have to be introduced to allow users to specify if they would like to enable TLS encrypted communication, something similar to below:Alternatives
No response
Additional context
No response
The text was updated successfully, but these errors were encountered: