add hardcoded authorizer to approve /metrics for metrics scraper #43
Conversation
|
/cc @openshift/openshift-team-monitoring |
|
fwiw this leaves the token review intact so we are not skipping verifying if the token is invalidated. |
|
@s-urbaniak what did I do to vendor to piss it off? |
|
a |
fixed |
|
/hold I brought this back to team and the general consensus is to bring this upstream to reduce catch-parry maintenance tech debt. I can help in submitting a PR upstream short-term. This should give us enough headroom to bring this into 4.8. |
openshift-ci-robot
added
the
do-not-merge/hold
|
/hold cancel |
openshift-ci-robot
removed
the
do-not-merge/hold
|
As discussed with @simonpasquier we'll move forward for now with merging this and will try to contribute the functionality upstream in the 4.8 timeframe. |
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: deads2k, s-urbaniak The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci-robot
added
the
approved
|
@deads2k not sure why, do you mind to |
it was the CI outage /retest |
|
/retest |
1 similar comment
|
/retest |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
1 similar comment
|
/retest Please review the full test history for this PR and help us cut down flakes. |
This is an opinionated authorizer that grants access for our metrics scraper without asking the kube-apiserver because on openshift, we know this identity should always have metrics access.