Closed Sohamdg081992 closed 4 weeks ago
Looks like a Trivy failure, @Sohamdg081992. If you merge from main, I believe it should pass.
Thanks Kaveesh! Just merged from main.
PR Description
Test Cluster: https://ms.portal.azure.com/#@microsoft.onmicrosoft.com/resource/subscriptions/1a3fd8b1-7a92-4730-8e47-dec9e67f49a9/resourceGroups/testrecalertswcussoham/providers/Microsoft.ContainerService/managedClusters/TestRecAlertsWcusSoham/overview
OpenSSL command used to generate the certs with a specific IP SAN: openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout client-key.pem -out client-cert.pem -subj "/C=US/ST=WA/L=Seattle/O=Microsoft/CN=PrometheusClient" -addext "subjectAltName = IP:10.224.0.4"
This fix adds the TLS secret to the reader sidecar container.
Testing with configmap:
Secret create: kubectl create secret generic ama-metrics-mtls-secret --from-file=client-cert.pem=client-cert.pem --from-file=client-key.pem=client-key.pem -n kube-system
Configmap used: https://github.com/Azure/prometheus-collector/blob/main/internal/referenceapp/linux-https-scrape-config.yaml
Delete the secret and then recreate it with an invalid/corrupted cert -> pods restart -> metric flow stops due to invalid auth. I then deleted the secret and created it again with the correct cert using the command: kubectl create secret generic ama-metrics-mtls-secret --from-file=client-cert.pem=client-cert.pem --from-file=client-key.pem=client-key.pem. Metric flow continues after the pods restart.
Testing with CRD:
Metrics flow.
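A pre-flight check for the cert/key pair before it is loaded into ama-metrics-mtls-secret, so that a corrupted or mismatched file is caught before the pods restart and metric flow stops. This is an added example, not code from this PR: the function name `check_mtls_pair` and its return codes are hypothetical, and it assumes OpenSSL 1.1.1 or later on the PATH.

```bash
#!/bin/sh
# Hypothetical helper (not part of the PR): validate client-cert.pem / client-key.pem
# before running `kubectl create secret generic ama-metrics-mtls-secret ...`.
# Usage: check_mtls_pair <cert.pem> <key.pem> <expected-ip-san>
# Returns 0 when the pair is usable, otherwise 1-5 with the reason on stderr.
check_mtls_pair() {
    _cert="$1"; _key="$2"; _ip="$3"

    # 1. The certificate must parse as PEM X.509 (catches a corrupted client-cert.pem).
    _cert_pub=$(openssl x509 -in "$_cert" -noout -pubkey 2>/dev/null) || {
        echo "FAIL: $_cert is not a parseable X.509 certificate" >&2; return 1; }

    # 2. The private key must parse as well.
    _key_pub=$(openssl pkey -in "$_key" -pubout 2>/dev/null) || {
        echo "FAIL: $_key is not a parseable private key" >&2; return 2; }

    # 3. The key must belong to the certificate: compare the two public keys.
    [ "$_cert_pub" = "$_key_pub" ] || {
        echo "FAIL: private key does not match the certificate" >&2; return 3; }

    # 4. The subjectAltName must list the expected IP (exact match, so
    #    10.224.0.4 does not accidentally match 10.224.0.40).
    openssl x509 -in "$_cert" -noout -ext subjectAltName 2>/dev/null \
        | tr ',' '\n' | sed 's/^ *//' | grep -Fxq "IP Address:$_ip" || {
        echo "FAIL: certificate has no IP SAN for $_ip" >&2; return 4; }

    # 5. The certificate must not already be expired.
    openssl x509 -in "$_cert" -noout -checkend 0 >/dev/null 2>&1 || {
        echo "FAIL: certificate is expired" >&2; return 5; }

    return 0
}

# Run directly when called with three arguments, e.g.:
#   sh check.sh client-cert.pem client-key.pem 10.224.0.4
if [ "$#" -eq 3 ]; then
    check_mtls_pair "$@"
fi
```
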