search

redpanda-data / helm-charts

Redpanda Helm Chart
http://redpanda.com
Apache License 2.0
76 stars 96 forks source link

Setting `tls.enabled=true` and `listeners.admin.tls.enabled=false` misconfigures monitoring #1013

Open chrisseto opened 8 months ago

chrisseto commented 8 months ago

Forgive the brevity, this is me passing along an error report from a slack thread.

Given a set of values like the following:

values: {
    monitoring: {
        enabled: true,
    },
    tls: {
        enabled: true,
    },
    console: {
        enabled: true,
        config: {
            kafka: {
                tls: {
                    enabled: false,
                }
            },
        },
    },
    external: {
        enabled: false,
    },
    // Listener configuration
    listeners: {
        // Disable TLS for admin API since we do not expose it externally
        // and have had issues running some rpk commands which access
        // both the admin API and Kafka API behind TLS.
        admin: {
            tls: {
                enabled: false,
            },
            external: {
                tls: {
                    enabled: false,
                }
            }
        }
    }
}

servicemonitor.yml will generate an incorrect ServiceMonitor because it does not consult the listeners values for information on TLS.

We should make some intermediate renderings/helpers to consolidate TLS definitions and then use that to control whether or not our ServiceMonitor uses http or https.

JIRA Link: K8S-100

RafalKorepta commented 7 months ago

https://github.com/redpanda-data/helm-charts/blob/ce26bcf986209df3736ab693e30d9d9a972ddcf0/charts/redpanda/templates/servicemonitor.yaml#L40-L48

This is exact link to the source code that is problematic.