[Feature]: add TLS support in the operator metrics port #5070

@jsilvela

Is there an existing issue already for this feature request/idea?

  • I have searched for an existing issue, and could not find anything. I believe this is a new feature request to be evaluated.

What problem is this feature going to solve? Why should it be added?

As part of increased security for CloudNativePG, the Prometheus metrics port served on port 9187 should support TLS.

Describe the solution you'd like

We should enable a new CLI option for the manager to enable TLS, defaulting to false.
Possibly add a new mount for the certificates, similar to what we have for the webhook certificates.

I.e. in /config/manager/manager.yaml:

- mountPath: /run/secrets/cnpg.io/metrics
  name: metrics-certificates

Describe alternatives you've considered

We could use an environment variable for the option.

Additional context

No response

Backport?

Yes

Are you willing to actively contribute to this feature?

Yes

Code of Conduct

  • I agree to follow this project's Code of Conduct
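A sketch of the opt-in behaviour requested above, as an added example that is not CloudNativePG's own code: a metrics listener on port 9187 that stays plain HTTP by default and, when TLS is switched on, reads its key pair from the proposed mount path. The flag name `--metrics-tls`, the function `newMetricsServer`, the placeholder handler, and the `tls.crt`/`tls.key` file names (a `kubernetes.io/tls` Secret layout) are assumptions.

```go
package main

import (
	"crypto/tls"
	"flag"
	"fmt"
	"log"
	"net/http"
	"path/filepath"
)

// Assumed layout: the mounted Secret is of type kubernetes.io/tls,
// so the directory holds tls.crt and tls.key.
const defaultCertDir = "/run/secrets/cnpg.io/metrics"

// newMetricsServer returns a plain HTTP server when TLS is off. With TLS on it
// fails closed: no usable key pair means an error, never a cleartext fallback.
func newMetricsServer(addr string, tlsEnabled bool, certDir string, h http.Handler) (*http.Server, error) {
	srv := &http.Server{Addr: addr, Handler: h}
	if !tlsEnabled {
		return srv, nil
	}
	crt, key := filepath.Join(certDir, "tls.crt"), filepath.Join(certDir, "tls.key")
	if _, err := tls.LoadX509KeyPair(crt, key); err != nil {
		return nil, fmt.Errorf("metrics TLS enabled but key pair unusable: %w", err)
	}
	srv.TLSConfig = &tls.Config{
		MinVersion: tls.VersionTLS12,
		// Reload per handshake so a rotated Secret is served without a restart.
		GetCertificate: func(*tls.ClientHelloInfo) (*tls.Certificate, error) {
			c, err := tls.LoadX509KeyPair(crt, key)
			return &c, err
		},
	}
	return srv, nil
}

func main() {
	enable := flag.Bool("metrics-tls", false, "serve metrics over TLS (hypothetical flag name)")
	flag.Parse()
	srv, err := newMetricsServer(":9187", *enable, defaultCertDir, http.NotFoundHandler())
	if err != nil {
		log.Fatal(err)
	}
	if *enable {
		log.Fatal(srv.ListenAndServeTLS("", "")) // certificates come from TLSConfig
	}
	log.Fatal(srv.ListenAndServe())
}
```

Any Prometheus scrape configuration pointing at this port has to move to `https` and trust the issuing CA at the same time the option is turned on, otherwise scrapes fail.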

Status

Done
