Open todaywasawesome opened 1 year ago
Hi @todaywasawesome , Is this still open for the grab ?
Also I think using self sign certificate will be good for local only unless some 3rd party can use it for wrong
I imagine the spec could look like this (Similar to the Web provider)
apiVersion: argoproj.io/v1alpha1
kind: AnalysisTemplate
metadata:
name: testing
spec:
args:
- name: service-name
- api-token
- ca-cert
metrics:
- name: success-rate
interval: 5m
successCondition: len(result) == 0 || result[0] >= 0.95
failureLimit: 3
provider:
prometheus:
address: https://prometheus.example.com:9090
caCert: "{{ args.ca-cert }}"
headers:
- key: Authorization
value: "Bearer {{ args.api-token }}"
query: sum(irate(istio_requests_total{reporter="source",destination_service=~"{{args.service-name}}",response_code!~"5.*"}[5m]))
Could also work with basic auth too
apiVersion: argoproj.io/v1alpha1
kind: AnalysisTemplate
metadata:
name: testing
spec:
args:
- name: service-name
- api-token
- ca-cert
metrics:
- name: success-rate
interval: 5m
successCondition: len(result) == 0 || result[0] >= 0.95
failureLimit: 3
provider:
prometheus:
address: https://prometheus.example.com:9090
caCert: "{{ args.ca-cert }}"
headers:
- key: Authorization
value: "Basic {{ args.username-and-password }}"
query: sum(irate(istio_requests_total{reporter="source",destination_service=~"{{args.service-name}}",response_code!~"5.*"}[5m]))
This issue is stale because it has been open 60 days with no activity.
With the prometheus provider now supporting insecure:true
is this issue still valid? Testing v1.6.0 with OpenShift's monitoring stack it looks like everything is working fine with insecure:true
and setting the Authorization header to a bearer token.
Many metrics providers that are locally hosted on the same Kubernetes cluster use internal, self-signed certs. This can throw errors when trying to use the available https endpoints. We should add support for self-signed certs.
https://github.com/argoproj/argo-rollouts/blob/4d8fbd151e10bb7c08fe6a573f65857cb91ec330/metricproviders/prometheus/prometheus.go#L146-L173