Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OCPVE-706: Secure metrics endpoints #431

Merged
merged 1 commit into from
Sep 25, 2023
Merged

OCPVE-706: Secure metrics endpoints #431

merged 1 commit into from
Sep 25, 2023

Conversation

suleymanakbas91
Copy link
Contributor

@suleymanakbas91 suleymanakbas91 commented Sep 25, 2023
edited
Loading

This PR secures the metrics endpoints exposed in lvm-operator, vg-manager, and topolvm-node. For lvm-operator and vg-manager, this uses the new secure metrics serving feature introduced in kubernetes-sigs/controller-runtime#2407. For topolvm-node, this PR introduces a sidecar container kube-rbac-proxy which handles the TLS connection.

@openshift-ci openshift-ci bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Sep 25, 2023
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Sep 25, 2023

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@openshift-ci openshift-ci bot added size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. approved Indicates a PR has been approved by an approver from all required OWNERS files. labels Sep 25, 2023
@suleymanakbas91 suleymanakbas91 changed the title feat: secure metrics endpoints OCPVE-706: Secure metrics endpoints Sep 25, 2023
@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Sep 25, 2023
@openshift-ci-robot
Copy link

openshift-ci-robot commented Sep 25, 2023
edited by openshift-ci bot
Loading

@suleymanakbas91: This pull request references OCPVE-706 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.15.0" version, but no target version was set.

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci-robot
Copy link

openshift-ci-robot commented Sep 25, 2023
edited by openshift-ci bot
Loading

@suleymanakbas91: This pull request references OCPVE-706 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.15.0" version, but no target version was set.

In response to this:

This PR secures the metrics endpoints exposed in lvm-operator, vg-manager, and topolvm-node. For lvm-operator and vg-manager, this uses the new secure metrics serving feature introduced in kubernetes-sigs/controller-runtime#2407. For topolvm-node, this PR introduces a sidecar container kube-rbac-proxy which handles the TLS connection.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@suleymanakbas91 suleymanakbas91 marked this pull request as ready for review September 25, 2023 11:04
@openshift-ci openshift-ci bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Sep 25, 2023
@codecov-commenter
Copy link

codecov-commenter commented Sep 25, 2023
edited
Loading

Codecov Report

Merging #431 (45542ba) into main (2c853f5) will increase coverage by 0.57%.
The diff coverage is 100.00%.

Additional details and impacted files

Impacted file tree graph

@@            Coverage Diff             @@
##             main     #431      +/-   ##
==========================================
+ Coverage   60.64%   61.21%   +0.57%     
==========================================
  Files          28       28              
  Lines        2376     2411      +35     
==========================================
+ Hits         1441     1476      +35     
  Misses        788      788              
  Partials      147      147
Files Changed Coverage Δ
controllers/defaults.go 50.00% <ø> (ø)
controllers/topolvm_node.go 95.74% <100.00%> (+0.60%) ⬆️
controllers/vgmanager_daemonset.go 100.00% <100.00%> (ø)

jakobmoellerdev
jakobmoellerdev reviewed Sep 25, 2023
View reviewed changes
Copy link
Contributor

@jakobmoellerdev jakobmoellerdev left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just one minor nit and some questions, overall looks great, this is a huge improvement! 🎉

README.md Show resolved Hide resolved
cmd/operator/operator.go Show resolved Hide resolved
cmd/vgmanager/vgmanager.go Show resolved Hide resolved
@suleymanakbas91
feat: secure metrics endpoints
45542ba 
Signed-off-by: Suleyman Akbas <[email protected]>
jakobmoellerdev
jakobmoellerdev approved these changes Sep 25, 2023
View reviewed changes
Copy link
Contributor

@jakobmoellerdev jakobmoellerdev left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Sep 25, 2023
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Sep 25, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jakobmoellerdev, suleymanakbas91

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci-robot
Copy link

/retest-required

Remaining retests: 0 against base HEAD 2c853f5 and 2 for PR HEAD 45542ba in total

@suleymanakbas91
Copy link
Contributor Author

/retest-required

@suleymanakbas91
Copy link
Contributor Author

/retest

1 similar comment
@suleymanakbas91
Copy link
Contributor Author

/retest

@openshift-ci-robot
Copy link

/retest-required

Remaining retests: 0 against base HEAD 12ae9ae and 1 for PR HEAD 45542ba in total

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Sep 25, 2023

@suleymanakbas91: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@openshift-merge-robot openshift-merge-robot merged commit b1f83fe into openshift:main Sep 25, 2023
@suleymanakbas91 suleymanakbas91 deleted the tls-metrics branch September 25, 2023 16:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jakobmoellerdev jakobmoellerdev jakobmoellerdev approved these changes

@jerpeter1 jerpeter1 Awaiting requested review from jerpeter1

Assignees

@jakobmoellerdev jakobmoellerdev

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. lgtm Indicates that a PR is ready to be merged. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@suleymanakbas91 @openshift-ci-robot @codecov-commenter @jakobmoellerdev @openshift-merge-robot