Description of problem: Metrics endpoint is not using TLS to encrypt traffic. Version-Release number of selected component (if applicable): 4.4 (possibly also earlier versions) How reproducible: Always Steps to Reproduce: 1. Start a cluster 2. Go to prometheus UI 3. Check connection schema for this component Actual results: Metrics are exposed over HTTP connection Expected results: Metrics are exposed over HTTPS connection Additional info: API server operator ServiceMonitor definition can be used as a template on how to fix this issue: https://github.com/openshift/cluster-openshift-apiserver-operator/blob/master/manifests/0000_90_openshift-apiserver-operator_03_servicemonitor.yaml
Tied to a 4.5 epic for monitoring team, moving to 4.5 target release.
After fixing please remove your component from an exclusion list in e2e tests at https://github.com/openshift/origin/blob/master/test/extended/prometheus/prometheus.go#L253-L268
We have not found time to schedule this yet, mirroring to Jira and will add to next sprint.
PR in review
The bug fixed. CCO metrics are exposed over HTTPS connection now, test payload: registry.svc.ci.openshift.org/ocp/release:4.6.0-0.nightly-2020-06-23-053310
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:4196