One of the first services I am trying to monitor is etcd. etcd in OCP is
configured as per the below:
/var/lib/origin/openshift.local.config/master/master-config.yaml

    etcdClientInfo:
      ca: ca.crt
      certFile: master.etcd-client.crt
      keyFile: master.etcd-client.key
      urls:
      - https://10.2.2.2:4001

Which responds with the below cURL:

    curl https://10.2.2.2:4001/metrics --cacert ./ca.crt \
      --cert ./master.etcd-client.crt --key ./master.etcd-client.key

So without the "Identity" configuration section set on the agent config,
I'd get a TLS error. As etcd is a core part of OCP, I don't have much
control over the client certs and expect there might be other services
which require the same setup using different certs that I might want to
monitor.
Hope that makes things clear, and Merry Christmas.
Cheers.
On Sat, Dec 24, 2016 at 3:30 PM, John Mazzitelli <mazz(a)redhat.com> wrote:
> Currently it seems you can only provide the agent configmap with the identity
> field. But what I want to actually do, is provide this based on the pods
> config map
> [chomp]
> Is that possible? or planned for the future?
I was hoping this wasn't going to be needed :) But we did talk about it.
It is not possible today because there is one major problem with what you
suggest that would need to be solved somehow:
> cert_file: /var/run/secrets/client-crt/client.crt
> private_key_file: /var/run/secrets/client-key/client.key
That is inside your configmap on your OpenShift project (which may or may
not be the same project where the agent is deployed).
So - what file system is that actually referring to? And how does the
agent get access to those files?
_______________________________________________
hawkular-dev mailing list
hawkular-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/hawkular-dev