Bug 1812508

Summary: Metrics exposed over insecure channel
Product: OpenShift Container Platform Reporter: Ben Bennett <bbennett>
Component: NetworkingAssignee: Aneesh Puttur <aputtur>
Networking sub component: multus QA Contact: Weibin Liang <weliang>
Status: CLOSED DUPLICATE Docs Contact:
Severity: high    
Priority: high CC: bbennett, dosmith, pkrupa, weliang
Version: 4.4   
Target Milestone: ---   
Target Release: 4.4.z   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1809204 Environment:
Last Closed: 2020-04-17 17:51:29 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1809204, 1817562    
Bug Blocks:    

Description Ben Bennett 2020-03-11 13:18:30 UTC 
+++ This bug was initially created as a clone of Bug #1809204 +++

Description of problem:
Metrics endpoint for monitor-multus-admission-controller is not using TLS to encrypt traffic.

Version-Release number of selected component (if applicable):
4.4 (possibly also earlier versions)

How reproducible:
Always

Steps to Reproduce:
1. Start a cluster
2. Go to prometheus UI
3. Check connection schema for this component

Actual results:
Metrics are exposed over HTTP connection

Expected results:
Metrics are exposed over HTTPS connection

Additional info:
API server operator ServiceMonitor definition can be used as a template on how to fix this issue: https://github.com/openshift/cluster-openshift-apiserver-operator/blob/master/manifests/0000_90_openshift-apiserver-operator_03_servicemonitor.yaml

--- Additional comment from Ben Bennett on 2020-03-04 09:11:00 EST ---

This same issue was opened across many components, but at least for the router, the bug was spurious.  Can we validate that we are exposing over TLS and update this bug please.

--- Additional comment from Pawel Krupa on 2020-03-04 11:57:11 EST ---

Yes, it was opened for multiple components as multiple components have the same issue. To be precise this one is about openshift-multus/monitor-multus-admission-controller

--- Additional comment from Douglas Smith on 2020-03-10 10:08:52 EDT ---

I have my associate Aneesh Puttur currently assessing this, I believe he's identified the root cause, and we'll target getting a fix in 4.5 and we'll backport to 4.4.z
Comment 1 Aneesh Puttur 2020-04-17 13:38:38 UTC 
Duplicate of this bug: 1809204, Please close this and refer to 1809204 for all updates on multus bug fix.
Comment 2 Aneesh Puttur 2020-04-17 17:51:29 UTC 

*** This bug has been marked as a duplicate of bug 1809204 ***