Disable insecure port by sttts · Pull Request #88 · openshift/cluster-kube-scheduler-operator

sttts · 2019-04-04T16:42:53Z

This is blocked by https://github.com/openshift/cluster-monitoring-operator/blob/172beb3e0d2cbf1f79bf61ba9c3f5bea373b4125/assets/prometheus-k8s/service-monitor-kube-scheduler.yaml#L15 pointing to the secure port.

sttts · 2019-04-04T16:43:06Z

/assign @s-urbaniak

sttts · 2019-04-04T16:43:29Z

/assign @ravisantoshgudimetla

sttts · 2019-04-04T16:44:10Z

/hold

s-urbaniak · 2019-04-04T16:57:22Z

just a small request from my side, I enabled a tls based servicemonitor locally, but the kube-scheduler endpoints seem to point to the wrong port:

$ kubectl -n openshift-kube-scheduler get ep scheduler -o yaml
apiVersion: v1
kind: Endpoints
metadata:
...
  ports:
  - name: https
    port: 8443
    protocol: TCP

I believe these should rather be 10259. Is it possible to fix this in conjunction with this change?

In accordance to openshift/cluster-kube-scheduler-operator#88 and openshift/cluster-kube-controller-manager-operator#207 we can now enable TLS for the kube scheduler as well the controller manager.

…le TLS In accordance to openshift/cluster-kube-scheduler-operator#88 and openshift/cluster-kube-controller-manager-operator#207 we can now enable TLS for the kube scheduler as well the controller manager.

s-urbaniak · 2019-04-05T08:50:00Z

/lgtm
I guess we'll have some chicken and egg integration woes here in conjunction with cluster monitoring, but this should be resolved once openshift/cluster-monitoring-operator#308 and this PR both are merged.

s-urbaniak

/lgtm

openshift-ci-robot · 2019-04-08T07:07:19Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: s-urbaniak, sttts

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

~~OWNERS~~ [sttts]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

sttts · 2019-04-08T07:08:40Z

/hold cancel

In accordance to openshift/cluster-kube-scheduler-operator#88 we can now enable TLS for the kube scheduler.

…le TLS In accordance to openshift/cluster-kube-scheduler-operator#88 and openshift/cluster-kube-controller-manager-operator#207 we can now enable TLS for the kube scheduler as well the controller manager.

Recently, the control plane switched to secure ports in [1] and [2]. This aligns them in the installer. [1] openshift/cluster-kube-scheduler-operator#88 [2] openshift/cluster-kube-controller-manager-operator#207

…le TLS In accordance to openshift/cluster-kube-scheduler-operator#88 and openshift/cluster-kube-controller-manager-operator#207 we can now enable TLS for the kube scheduler as well the controller manager.

Disable insecure port

68b66e8

openshift-ci-robot assigned s-urbaniak Apr 4, 2019

openshift-ci-robot added size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. approved Indicates a PR has been approved by an approver from all required OWNERS files. labels Apr 4, 2019

openshift-ci-robot requested review from ravisantoshgudimetla and sjenning April 4, 2019 16:43

openshift-ci-robot assigned ravisantoshgudimetla Apr 4, 2019

openshift-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Apr 4, 2019

s-urbaniak mentioned this pull request Apr 5, 2019

serviceMonitorKubeControllerManager: enable TLS openshift/cluster-monitoring-operator#308

Closed

Fix service port

ed4a0c7

sttts force-pushed the sttts-insecure-port branch from 0c838c1 to ed4a0c7 Compare April 5, 2019 07:27

openshift-ci-robot added the lgtm Indicates that a PR is ready to be merged. label Apr 5, 2019

s-urbaniak approved these changes Apr 8, 2019

View reviewed changes

openshift-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Apr 8, 2019

openshift-merge-robot merged commit 0e400bc into openshift:master Apr 8, 2019

s-urbaniak added a commit to s-urbaniak/cluster-monitoring-operator that referenced this pull request Apr 8, 2019

serviceMonitorKubeScheduler: enable TLS

d056eda

In accordance to openshift/cluster-kube-scheduler-operator#88 we can now enable TLS for the kube scheduler.

s-urbaniak mentioned this pull request Apr 8, 2019

serviceMonitorKubeScheduler: enable TLS openshift/cluster-monitoring-operator#312

Closed

s-urbaniak mentioned this pull request Apr 10, 2019

serviceMonitorKubeScheduler/serviceMonitorKubeControllerManager: enable TLS openshift/cluster-monitoring-operator#316

Merged

s-urbaniak mentioned this pull request Apr 10, 2019

controller-manager/scheduler: switch to secure ports openshift/installer#1576

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Disable insecure port#88

Disable insecure port#88
openshift-merge-robot merged 2 commits intoopenshift:masterfrom
sttts:sttts-insecure-port

sttts commented Apr 4, 2019

Uh oh!

sttts commented Apr 4, 2019

Uh oh!

sttts commented Apr 4, 2019

Uh oh!

sttts commented Apr 4, 2019

Uh oh!

s-urbaniak commented Apr 4, 2019

Uh oh!

s-urbaniak commented Apr 5, 2019

Uh oh!

s-urbaniak left a comment

Uh oh!

openshift-ci-robot commented Apr 8, 2019

Uh oh!

sttts commented Apr 8, 2019

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants

Conversation

sttts commented Apr 4, 2019

Uh oh!

sttts commented Apr 4, 2019

Uh oh!

sttts commented Apr 4, 2019

Uh oh!

sttts commented Apr 4, 2019

Uh oh!

s-urbaniak commented Apr 4, 2019

Uh oh!

s-urbaniak commented Apr 5, 2019

Uh oh!

s-urbaniak left a comment

Choose a reason for hiding this comment

Uh oh!

openshift-ci-robot commented Apr 8, 2019

Uh oh!

sttts commented Apr 8, 2019

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants