Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

metrics: Add rate metrics to Client CSI endpoints #15905

Merged
merged 1 commit into from
Jan 26, 2023
Merged

metrics: Add rate metrics to Client CSI endpoints #15905

merged 1 commit into from
Jan 26, 2023

Conversation

tgross
Copy link
Member

@tgross tgross commented Jan 26, 2023
edited
Loading

Continues the work done in #15876 by extending rate metrics measurement over client CSI endpoints (the last batch of stuff!)

Also tightens up authentication for these endpoints by enforcing the server certificate name is valid. We protect these endpoints currently by mTLS and can't use an auth token because these endpoints are (uniquely) called by the leader and followers for a given node won't have the leader's ephemeral ACL token. Add a certificate name check that requests come from a server and not a client, because no client should ever send these RPCs directly.

@tgross tgross added this to the 1.5.0 milestone Jan 26, 2023
@tgross
metrics: Add rate metrics to Client CSI endpoints
d14392b 
Also tightens up authentication for these endpoints by enforcing the server
certificate name is valid. We protect these endpoints currently by mTLS and
can't use an auth token because these endpoints are (uniquely) called by the
leader and followers for a given node won't have the leader's ephemeral ACL
token. Add a certificate name check that requests come from a server and not a
client, because no client should ever send these RPCs directly.
@tgross tgross force-pushed the rpc-rate-metrics-client-csi branch from 0d33953 to d14392b Compare January 26, 2023 19:02
@tgross tgross requested review from shoenig, lgfa29 and angrycub January 26, 2023 19:53
@tgross tgross marked this pull request as ready for review January 26, 2023 19:53
shoenig
shoenig approved these changes Jan 26, 2023
View reviewed changes
Copy link
Member

@shoenig shoenig left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@tgross tgross merged commit 94381bd into main Jan 26, 2023
@tgross tgross deleted the rpc-rate-metrics-client-csi branch January 26, 2023 21:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@shoenig shoenig shoenig approved these changes

@lgfa29 lgfa29 Awaiting requested review from lgfa29

@angrycub angrycub Awaiting requested review from angrycub

Assignees
No one assigned
Labels
theme/auth theme/metrics type/enhancement
Projects
None yet
Milestone
1.5.0
Development

Successfully merging this pull request may close these issues.
2 participants
@tgross @shoenig