Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Turn https and authn/authz filter on for metrics port. Add RBAC to al… #4051

Merged
merged 1 commit into from
Dec 17, 2024
Merged

Turn https and authn/authz filter on for metrics port. Add RBAC to al… #4051

merged 1 commit into from
Dec 17, 2024

Conversation

dsessler7
Copy link
Contributor

…low pgo service account to authenticate and authorize requests to metrics server.

Checklist:

  • Have you added an explanation of what your changes do and why you'd like them to be included?
  • Have you updated or added documentation for the change, as applicable?
  • Have you tested your changes on all related environments with successful results, as applicable?
    • Have you added automated tests?

Type of Changes:

  • New feature
  • Bug fix
  • Documentation
  • Testing enhancement
  • Other

What is the current behavior (link to any open issues here)?

Operator metrics are served over http on port 8080.

What is the new behavior (if this is a feature change)?

  • Breaking change (fix or feature that would cause existing functionality to change)

Operator metrics will be served over https on port 8443 and a filter is used to force authentication and authorization by the service account of the pod that is making the request. RBAC is added to let the operator create tokenreviews and subjectaccessreviews.

Other Information:

tony-landreth
tony-landreth approved these changes Dec 13, 2024
View reviewed changes
Copy link
Contributor

@tony-landreth tony-landreth left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

cbandy
cbandy approved these changes Dec 16, 2024
View reviewed changes
cmd/postgres-operator/main.go Outdated Show resolved Hide resolved
@dsessler7
Turn https and authn/authz filter on for metrics port. Add RBAC to al…
20eb65d 
…low pgo service account to authenticate and authorize requests to metrics server.
@dsessler7 dsessler7 merged commit c946533 into CrunchyData:main Dec 17, 2024
17 checks passed
@dsessler7 dsessler7 deleted the expose-pgo-metrics branch December 17, 2024 21:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tony-landreth tony-landreth tony-landreth approved these changes

@cbandy cbandy cbandy approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@dsessler7 @cbandy @tony-landreth