Description of problem:
Metrics endpoint is not using TLS to encrypt traffic.
Version-Release number of selected component (if applicable):
4.4 (possibly also earlier versions)
Steps to Reproduce:
1. Start a cluster
2. Go to prometheus UI
3. Check connection schema for this component
Metrics are exposed over HTTP connection
Metrics are exposed over HTTPS connection
API server operator ServiceMonitor definition can be used as a template on how to fix this issue: https://github.com/openshift/cluster-openshift-apiserver-operator/blob/master/manifests/0000_90_openshift-apiserver-operator_03_servicemonitor.yaml
Tied to a 4.5 epic for monitoring team, moving to 4.5 target release.
After fixing please remove your component from an exclusion list in e2e tests at https://github.com/openshift/origin/blob/master/test/extended/prometheus/prometheus.go#L253-L268
We have not found time to schedule this yet, mirroring to Jira and will add to next sprint.
PR in review
The bug fixed.
CCO metrics are exposed over HTTPS connection now, test payload: registry.svc.ci.openshift.org/ocp/release:4.6.0-0.nightly-2020-06-23-053310
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.