Bug 1809194

Summary: Metrics exposed over insecure channel
Product: OpenShift Container Platform Reporter: Pawel Krupa <pkrupa>
Component: Cloud Credential OperatorAssignee: Devan Goodwin <dgoodwin>
Status: CLOSED ERRATA QA Contact: wang lin <lwan>
Severity: medium Docs Contact:
Priority: medium    
Version: 4.4CC: gshereme, lwan, sandeepredhat
Target Milestone: ---   
Target Release: 4.6.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-10-27 15:56:12 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Pawel Krupa 2020-03-02 14:57:34 UTC 
Description of problem:
Metrics endpoint is not using TLS to encrypt traffic.

Version-Release number of selected component (if applicable):
4.4 (possibly also earlier versions)

How reproducible:
Always

Steps to Reproduce:
1. Start a cluster
2. Go to prometheus UI
3. Check connection schema for this component

Actual results:
Metrics are exposed over HTTP connection

Expected results:
Metrics are exposed over HTTPS connection

Additional info:
API server operator ServiceMonitor definition can be used as a template on how to fix this issue: https://github.com/openshift/cluster-openshift-apiserver-operator/blob/master/manifests/0000_90_openshift-apiserver-operator_03_servicemonitor.yaml
Comment 1 Scott Dodson 2020-03-03 15:05:24 UTC 
Tied to a 4.5 epic for monitoring team, moving to 4.5 target release.
Comment 2 Pawel Krupa 2020-04-06 11:41:36 UTC 
After fixing please remove your component from an exclusion list in e2e tests at https://github.com/openshift/origin/blob/master/test/extended/prometheus/prometheus.go#L253-L268
Comment 3 Devan Goodwin 2020-05-15 17:43:37 UTC 
We have not found time to schedule this yet, mirroring to Jira and will add to next sprint.
Comment 4 Greg Sheremeta 2020-06-18 18:21:57 UTC 
PR in review
Comment 7 wang lin 2020-06-23 09:17:17 UTC 
The bug fixed.
CCO metrics are exposed over HTTPS connection now, test payload: registry.svc.ci.openshift.org/ocp/release:4.6.0-0.nightly-2020-06-23-053310
Comment 9 errata-xmlrpc 2020-10-27 15:56:12 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4196