Bug 1254880 - Secure communication for Heapster metric collection
Summary: Secure communication for Heapster metric collection
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Hawkular
Version: 3.0.0
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: ---
: ---
Assignee: Matt Wringe
QA Contact: chunchen
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-08-19 07:44 UTC by Ali Sogukpinar
Modified: 2022-07-09 07:37 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-01-26 19:16:15 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2016:0070 0 normal SHIPPED_LIVE Important: Red Hat OpenShift Enterprise 3.1.1 bug fix and enhancement update 2016-01-27 00:12:41 UTC

Description Ali Sogukpinar 2015-08-19 07:44:31 UTC 
- Proposed title of this feature request  
Secure Access to OpenShift cluster for collecting metrics.
   
- What is the nature and description of the request?  
At the moment Heapster is using readonly port to collect metrics from OpenShift cluster however, traffic is not encrypted.
  
- Why does the customer need this?

Due to corporate security policies requirements all traffic needs to be encrypted.
  
  
- How would the customer like to achieve this? 

Traffic from nodes to Heapster needs to go through secured channel. (i.e ssl)
  
- For each functional requirement listed, specify how Red Hat and the customer can test to confirm the requirement is successfully implemented.  
  
- Is there already an existing RFE upstream or in Red Hat Bugzilla?  
No
  
- Does the customer have any specific timeline dependencies and which release would they like to target (i.e. RHEL5, RHEL6)?  
OSE 3.1  

- Is the sales team involved in this request and do they have any additional input?  
Yes
  
- Would the customer be able to assist in testing this functionality if implemented?  
Yes
Comment 1 Ali Sogukpinar 2015-08-19 07:46:23 UTC 
Upstream discussion related to this subject
https://github.com/openshift/origin/issues/3020
Comment 3 Luke Meyer 2015-09-23 17:59:24 UTC 
In progress via https://trello.com/c/kej8gRJg
Comment 4 Jeff Cantrill 2016-01-06 20:22:53 UTC 
Card was accepted in Oct.
Comment 5 chunchen 2016-01-07 07:06:27 UTC 
It's fixed, checked with latest metrics stack images as below:

openshift3/metrics-deployer image 277d6f10f28e
openshift3/metrics-hawkular-metrics image b44dc66d64f2
openshift3/metrics-cassandra image 8ea21f4b3377
openshift3/metrics-heapster image 800434e62203

Test results:
The metrics endpoints are using secure http method, like below:

https://hawkular-metrics.0107-1kp.qe.rhcloud.com/hawkular/metrics/counters/hawkular-metrics%2F270d1075-b509-11e5-b264-fa163ea9e676%2Fcpu%2Fusage/data?buckets=61&start=1452148364643
Comment 7 errata-xmlrpc 2016-01-26 19:16:15 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2016:0070
Note You need to log in before you can comment on or make changes to this bug.