Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add support for https #65

Open
mimaison opened this issue Nov 7, 2024 · 5 comments
Open

Add support for https #65

mimaison opened this issue Nov 7, 2024 · 5 comments

Comments

@mimaison
Copy link
Contributor

mimaison commented Nov 7, 2024

The metrics reporter should support exposing the metrics endpoint via https.

@scholzj
Copy link
Member

scholzj commented Nov 9, 2024

I do not want to reject this, but I think we should think about the prioritizations. Strimzi itself does not support HTTPS for metrics and there does not seem to be any issue with it. So I wonder if this should be postponed to see:

  • If the metric reporter actually catches up and gets used
  • If there is any demand

@mimaison
Copy link
Contributor Author

mimaison commented Nov 9, 2024

In all regulated industries, encrypting all communication links is mandatory. But even for other users, HTTPS support is kind of expected nowadays for any project. For example jmx_exporter supports HTTPS since last year, so this will likely be needed for anyone wanting to switch over.

This project is expected to be usable outside of Strimzi. Waiting for users to adopt the reporter before adding "standard" features is a bit of a chicken vs egg.

Implementing this feature should not impact the integration work with the operator, and the operator does not need to use that feature.

Maybe we should discuss the roadmap in an upcoming Strimzi community call. In my mind this and the allowlist reconfiguration support (#55) were great features to push for the 0.2.0 release. Not a feature per-se but adding integration tests (and potentially performance tests too, as one of the key motivation is to scale better than jmx_exporter) should also be a priority, so we ensure new features don't break anything.

Then for 0.3.0, I was considering adding support for KIP-714.

I should add that I'm willing to work on these items, I'm not opening issues demanding new features.

@scholzj
Copy link
Member

scholzj commented Nov 9, 2024

Strimzi does not support TLS on metrics and so far there has been only very little demand for it. With pull-based metrics, it is also very hard to implement on the practical level as you need server certificates with the right SANs that are trusted etc. This will be even more of an issue outside of Strimzi than in Strimzi. So I definitely don't think this is a standard feature that would block adoption.

@im-konge
Copy link
Member

Triaged on 14.11.2024: Let's leave this open for the next time when we will have Jakub on the call as well.

@ppatierno
Copy link
Member

Triaged on 28/11/2024: we agreed this is not higher priority but we can take it open and makes sense to implement when there is time for it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants