KEP-4377: Secured Prometheus metrics endpoints #4404

Open
wants to merge 6 commits into
base: main

kannon92
Contributor

@kannon92 kannon92 commented Feb 25, 2025

What type of PR is this?

/kind documentation

What this PR does / why we need it:

KEP for securing metrics with TLS.

Which issue(s) this PR fixes:

KEP for #4377

Special notes for your reviewer:

Does this PR introduce a user-facing change?

NONE

@k8s-ci-robot k8s-ci-robot added release-note-none Denotes a PR that doesn't merit a release note. kind/documentation Categorizes issue or PR as related to documentation. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Feb 25, 2025
@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: kannon92
Once this PR has been reviewed and has the lgtm label, please assign mimowo for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Feb 25, 2025

netlify bot commented Feb 25, 2025

Deploy Preview for kubernetes-sigs-kueue canceled.

Name Link
🔨 Latest commit 570e57b
🔍 Latest deploy log https://app.netlify.com/sites/kubernetes-sigs-kueue/deploys/67bfd260b89d4c0008307f68

@kannon92
Contributor Author

/cc @tenzen-y @mimowo

@mimowo
Contributor

mimowo commented Feb 26, 2025

/assign @gabesaba
for the first pass

@gabesaba
Contributor

/unassign

As I won't be able to take a look until next week

@mimowo
Contributor

mimowo commented Feb 26, 2025

/assign @PBundyra
Can you make the first pass here?

@PBundyra
Contributor

> /assign @PBundyra Can you make the first pass here?

Sure, on it

@PBundyra
Contributor

/lgtm
Thanks @kannon92!

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Feb 26, 2025
@k8s-ci-robot
Contributor

LGTM label has been added.

Git tree hash: 72f730f0bc8f1f6ebf62e4c0c154b538fc6770f0

@k8s-ci-robot k8s-ci-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Feb 26, 2025
@k8s-ci-robot
Contributor

New changes are detected. LGTM label has been removed.

@kannon92 kannon92 requested a review from mwielgus February 26, 2025 15:53
@tenzen-y
Member

/retitle KEP-4377: Secured Prometheus metrics endpoints

@k8s-ci-robot k8s-ci-robot changed the title add a kep for metrics tls KEP-4377: Secured Prometheus metrics endpoints Feb 26, 2025
@kannon92
Contributor Author

cc @camilamacedo86

If you have time, I'd appreciate your insight on best practices for metrics security.

## Design Details

### Deployment changes

Contributor

@mimowo mimowo Feb 28, 2025

Can you put a sentence or a paragraph on when the external certificates are used (IIUC as discussed in the thread when internalCertManager is disabled), and on the defaults (IIUC: /etc/kueue/certs, and the cert names)?

Contributor Author

I have a section called Controller changes below.
