ribbybibby / ssl_exporter

Exports Prometheus metrics for TLS certificates
Apache License 2.0

List of all secrets does not work in restricted cluster - SSL Exporter needs to scope secret listing to a single namespace where possible #159

Open deviarchscs opened 4 months ago

deviarchscs commented 4 months ago

We are running the SSL Exporter in a restricted k8s cluster where we don't have access to all namespaces and all resources. When we try monitoring a certificate in a k8s secret, the script first tries to list every secret in the cluster. This step is failing with a Forbidden message by the API server. Listing is done by the following line: https://github.com/ribbybibby/ssl_exporter/blob/890c51077ccec7eaa00c8a9338e0710200b3d431/prober/kubernetes.go#L47

A solution would be to list secrets ONLY in the particular namespace when it is possible (i.e., when the namespace is complete and does not contain any wildcards/regex).
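
The scoping rule proposed in this issue, as an added example that is not ssl_exporter's code: list in a single namespace when the namespace part of the target is literal, and fall back to a cluster-wide list only when it contains a wildcard. Assumptions: targets have the form `namespace/name` with glob patterns, Go's `path.Match` stands in for whatever matcher the exporter uses, and `restrictedCluster`, `ListScope` and `MatchSecrets` are hypothetical names that model an RBAC-restricted API server without a real client.

```go
package main

import (
	"errors"
	"fmt"
	"path"
	"strings"
)

// ErrForbidden stands in for the API server's 403 on a list call (constructed).
var ErrForbidden = errors.New("secrets is forbidden")

// restrictedCluster (hypothetical) maps each namespace with list access to its secret keys.
type restrictedCluster map[string][]string

// List mimics Secrets(ns).List; ns == "" means all namespaces, as in client-go.
func (c restrictedCluster) List(ns string) ([]string, error) {
	keys, ok := c[ns]
	if !ok { // cluster-wide ("") or a namespace without a Role
		return nil, fmt.Errorf("list secrets in %q: %w", ns, ErrForbidden)
	}
	return keys, nil
}

// ListScope returns the literal namespace of a target, or "" if it is a glob.
func ListScope(target string) string {
	ns, _, _ := strings.Cut(target, "/")
	if strings.ContainsAny(ns, `*?[\`) {
		return ""
	}
	return ns
}

// MatchSecrets lists in the narrowest scope, then filters keys by the glob.
func MatchSecrets(c restrictedCluster, target string) (out []string, err error) {
	keys, err := c.List(ListScope(target))
	for _, k := range keys {
		if ok, _ := path.Match(target, k); ok {
			out = append(out, k)
		}
	}
	return out, err
}

func main() {
	c := restrictedCluster{"team-a": {"team-a/tls-web", "team-a/db-password"}} // constructed
	fmt.Println(MatchSecrets(c, "team-a/tls-*")) // namespaced list succeeds
	fmt.Println(MatchSecrets(c, "*/tls-*"))      // cluster-wide list is forbidden
}
```

With this rule a namespaced Role granting `list` on secrets is enough for literal-namespace targets; a ClusterRole is needed only when the namespace itself is a pattern.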