Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SSL | Secure service for Noobaa metric #8673

Merged
merged 1 commit into from
Jan 20, 2025
Merged

SSL | Secure service for Noobaa metric #8673

merged 1 commit into from
Jan 20, 2025

Conversation

naveenpaul1
Copy link
Contributor

Explain the changes

  1. add secure port for promethus service
  2. control prometesu http and https service creation with flags. non-secure service creation can be prevented using flag (ALLOW_HTTP_METRICS) in NC NSFS deployment only, and secure prometheus service will start only if ALLOW_HTTPS_METRICS flag is enabled for all the deployents.
  3. Same S3 ssl certs are used by metrics server
  4. Metrics https_port added in CLI and config for flexibility.

Issues: Fixed #xxx / Gap #xxx

  1. nsfs metrics from metrics port 7004 are only implemented over http. This should be changed to https as default.  #8198

Testing Instructions:

  1. start nsfs application
  2. verify metrics server is started by hitting url https://localhost:9443/
  3. try the same with valid local certificate, steps can be found in doc
  • Doc added/updated
  • Tests added

romayalon
romayalon reviewed Jan 14, 2025
View reviewed changes
config.js Outdated Show resolved Hide resolved
src/cmd/nsfs.js Outdated Show resolved Hide resolved
src/cmd/nsfs.js Outdated Show resolved Hide resolved
config.js Outdated Show resolved Hide resolved
src/util/ssl_utils.js Show resolved Hide resolved
src/util/fork_utils.js Outdated Show resolved Hide resolved
src/server/analytic_services/prometheus_reporting.js Outdated Show resolved Hide resolved
@naveenpaul1 naveenpaul1 force-pushed the secure-metrics-port branch 2 times, most recently from 9879872 to b1bc10f Compare January 17, 2025 09:13
romayalon
romayalon reviewed Jan 19, 2025
View reviewed changes
src/util/http_utils.js Outdated Show resolved Hide resolved
src/util/http_utils.js Outdated
function listen_http(port, server, server_type) {
return new Promise((resolve, reject) => {
if (server_type !== 'METRICS') {
setup_http_server(server);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@dannyzaken Do you remember maybe why we didn't have a server setup like this for metrics? do you think we should add it for metrics as well?

src/util/http_utils.js Outdated Show resolved Hide resolved
@naveenpaul1 naveenpaul1 merged commit 57badbb into noobaa:master Jan 20, 2025
11 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@romayalon romayalon romayalon approved these changes

@dannyzaken dannyzaken Awaiting requested review from dannyzaken

@jackyalbo jackyalbo Awaiting requested review from jackyalbo

@shirady shirady Awaiting requested review from shirady

@Neon-White Neon-White Awaiting requested review from Neon-White

Assignees
No one assigned
Labels
size/L
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@naveenpaul1 @Neon-White @romayalon