You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
@baaaaast
Thanks for writing it up. I think this is a valid issue.
IMO ideally we wanna make sure in the tlgConfig it trusts the CA that signs the internal cert. Is that possible?
It all depends on whether the certificate generation is automatic, manual or based on a secret.
I just thought I could configure tlsConfig in a completely free way like :
metrics-svcmon.yaml example
spec:
jobLabel: app.kubernetes.io/name
endpoints:
- port: {{ template "harbor.metricsPortName" . }}
{{- if .Values.metrics.serviceMonitor.interval }}
interval: {{ .Values.metrics.serviceMonitor.interval }}
{{- end }}
honorLabels: true
...
{{- if .Values.metrics.serviceMonitor.tlsConfig }}
tlsConfig:
{{ toYaml .Values.metrics.serviceMonitor.tlsConfig | indent 4 }}
{{- end }}
Besides, I've decided to give up enabling internal tls as long as the services aren't able to reload the TLS secret if it's changed. This static aspect is too restrictive for me to use with certmanager.
I don't need it anymore for the moment.
Thank you
If we activate the auto cert generation with :
My prometheus service fails to scrap the https-metrics port because it doesn't have the ca bundle used to generate the certificate.
I'd like to be able to configure the
tlsConfig
part of the ServiceMonitor's endpoint : https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#monitoring.coreos.com/v1.TLSConfigCan I do a PR ?
The text was updated successfully, but these errors were encountered: