[Enhancement]: Allow TLS connections to Kafka exporter

[Kartikey-Mishra1]

Related problem

Currently the metrics port in Kafka exporter does not support tls encypted connections (these are the current configs). Ability to communicate with Kafka exporter over tls would allow spec.endpoints[].tlsConfig and .spec.podMetricsEndpoints[].tlsConfig configs to be used in Service monitors and Pod monitors.

Suggested solution

Server certificates and keys can be configured in Kafka exporter by running the kafka exporter image with server.tls.XXX flags(more info can be found here). If this feature request is accepted any suggestions on how the required certificates and keys can be generated are welcome(could be similar to how it's done for cruise control but this is not my area of expertise).

A new config under spec.kafkaExporter section might have to be introduced to allow users to specify if they would like to enable TLS encrypted communication, something similar to below:

spec:
  kafkaExporter:
    enableTLS: true   

Alternatives

No response

Additional context

No response

[scholzj]

You should probably explain the use-case => why would this be useful (also in the context of all other metrics endpoints being unencrypted).

[scholzj]

Triaged on 6.4.2023: This does not seem to make much sense in the context of all the other metrics endpoints which do not have any encryption. It is also not as straight forward as this issue makes it sounds -> one would need to generate the certificates and maintain them, probably provide ways to configure the SANs etc.