Bug 1822720

Summary: OVN metrics exposed over insecure channel
Product: OpenShift Container Platform Reporter: Juan Luis de Sousa-Valadas <jdesousa>
Component: NetworkingAssignee: Juan Luis de Sousa-Valadas <jdesousa>
Networking sub component: ovn-kubernetes QA Contact: Ross Brattain <rbrattai>
Status: CLOSED ERRATA Docs Contact:
Severity: high    
Priority: medium CC: anusaxen, bbennett, dcbw, rbrattai, rkhan
Version: 4.5   
Target Milestone: ---   
Target Release: 4.6.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: SDN-CI-IMPACT
Fixed In Version: Doc Type: Enhancement
Doc Text:
Feature: Expose OVN metrics over TLS Reason: We don't any traffic over plain HTTP at all. Result: OVN metrics exposed on an HTTPS endpoint.
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-10-27 15:57:47 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Juan Luis de Sousa-Valadas 2020-04-09 17:17:13 UTC
Description of problem:
OVN exposes metrics over plain HTTP instead of HTTPS

Version-Release number of selected component (if applicable):
Not implemented

How reproducible:
Always

Comment 3 Ross Brattain 2020-08-28 02:47:26 UTC
verified on 4.6.0-0.nightly-2020-08-24-110601


* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate:
*       subject: CN=ovn-kubernetes-master-metrics.openshift-ovn-kubernetes.svc
*       start date: Aug 27 23:23:13 2020 GMT
*       expire date: Aug 27 23:23:14 2022 GMT
*       common name: ovn-kubernetes-master-metrics.openshift-ovn-kubernetes.svc
*       issuer: CN=openshift-service-serving-signer@1598570578
> GET /metrics HTTP/1.1
> User-Agent: curl/7.29.0
> Host: 10.0.0.2:9102

Comment 5 errata-xmlrpc 2020-10-27 15:57:47 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4196