Bug 1822720 - OVN metrics exposed over insecure channel
Summary: OVN metrics exposed over insecure channel
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Networking
Version: 4.5
Hardware: Unspecified
OS: Unspecified
medium
high
Target Milestone: ---
: 4.6.0
Assignee: Juan Luis de Sousa-Valadas
QA Contact: Ross Brattain
URL:
Whiteboard: SDN-CI-IMPACT
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-04-09 17:17 UTC by Juan Luis de Sousa-Valadas
Modified: 2020-10-27 15:58 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Feature: Expose OVN metrics over TLS Reason: We don't any traffic over plain HTTP at all. Result: OVN metrics exposed on an HTTPS endpoint.
Clone Of:
Environment:
Last Closed: 2020-10-27 15:57:47 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift cluster-network-operator pull 581 0 None closed Bug 1822720: Configure TLS for OVN metrics endpoints 2020-11-30 06:32:56 UTC
Red Hat Product Errata RHBA-2020:4196 0 None None None 2020-10-27 15:58:14 UTC

Description Juan Luis de Sousa-Valadas 2020-04-09 17:17:13 UTC
Description of problem:
OVN exposes metrics over plain HTTP instead of HTTPS

Version-Release number of selected component (if applicable):
Not implemented

How reproducible:
Always

Comment 3 Ross Brattain 2020-08-28 02:47:26 UTC
verified on 4.6.0-0.nightly-2020-08-24-110601


* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate:
*       subject: CN=ovn-kubernetes-master-metrics.openshift-ovn-kubernetes.svc
*       start date: Aug 27 23:23:13 2020 GMT
*       expire date: Aug 27 23:23:14 2022 GMT
*       common name: ovn-kubernetes-master-metrics.openshift-ovn-kubernetes.svc
*       issuer: CN=openshift-service-serving-signer@1598570578
> GET /metrics HTTP/1.1
> User-Agent: curl/7.29.0
> Host: 10.0.0.2:9102

Comment 5 errata-xmlrpc 2020-10-27 15:57:47 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4196


Note You need to log in before you can comment on or make changes to this bug.