Comments (2)
amimof
commented on September 18, 2024
Hi @lentzi90 Thanks for your input. However I suggest you look at kube-rbac-proxy which will solve this for you. You run node-cert-exporter with kube-rbac-proxy as a side-car container terminating TLS connections before forwarding to node-cert-exporter. As an example, you put this additional container in the daemonset for node-cert-exporter:
- image: quay.io/brancz/kube-rbac-proxy:v0.8.0
name: kube-rbac-proxy
args:
- --logtostderr
- --secure-listen-address=[$(IP)]:9100
- --upstream=http://127.0.0.1:9100/
env:
- name: IP
valueFrom:
fieldRef:
fieldPath: status.podIP
ports:
- containerPort: 9100
hostPort: 9100
name: httpsfrom node-cert-exporter.
lentzi90
commented on September 18, 2024
Hi and thanks for the comment!
We have considered a side-car solution but would prefer "native" TLS support in node-cert-exporter. This is because we want to keep the footprint as minimal as possible and the complexity low. Do you think this would make it reasonable to add TLS support?
I can create a PR where we can more easily discuss the technical details of it!
from node-cert-exporter.
Related Issues (20)
- No certs picked up if one of the certificates in a directory has wrong SELinux context set HOT 4
- Containers are unable to start HOT 2
- Need to run the container without root privileges HOT 1
- Image 1.0.1 does not match release 1.0.1 - ssl_certificate_expiry_failed not implemented HOT 2
- Do not search in --exclude-path HOT 2
- keystore HOT 1
- Old helm release has been overide: 1.0.1 HOT 2
- Helm install fails HOT 1
- Differences in binaries and docker execution HOT 4
- [Feature Request] Please add Serial as a label
- New Release? HOT 3
- Node Exporter for 32 bits - i686 Linux HOT 1
- Ability to parse certificates stored in kubernetes secrets HOT 3
- Outdated version of prometheus/client_golang generating warnings HOT 1
- Documentation? Changing the port? HOT 1
- Is this project still alive? HOT 3
- Add ARM container image HOT 2
- cer-cert Format not readble HOT 2
- Only the first entry in exclude-glob is taken into account HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from node-cert-exporter.