[receiver/kubeletstats] tls verify config not being respected #26319
Comments
|
Pinging code owners:
See Adding Labels via Comments if you do not have permissions to add labels yourself. |
|
This was originally introduced in #324. All examples in the original PR set The solution here is to either honor the |
|
/label -needs-triage |
|
I checked with the original author and it sounds like this wasn't intentional, so the solution will be to honor the |
|
Thank you @crobert-1! You can assign this to me. |
**Description:** <Describe what has changed.> <!--Ex. Fixing a bug - Describe the bug and how this fixes the issue. Ex. Adding a feature - Explain what this achieves.--> Adds an E2E test for kubeletstats receiver Updates existing e2e k8s tests to bootstrap kind cluster with valid kubelet certificates. This will make k8s clusters used in the e2e test more inline with the security practices used by real clusters and improve testing with the kubeletstats receiver which connects to kubelet server. **Link to tracking Issue:** [26319](#26319) **Testing:** <Describe what testing was performed and which tests were added.> **Documentation:** <Describe the documentation added.>
…account auth (#27070) **Description:** <Describe what has changed.> <!--Ex. Fixing a bug - Describe the bug and how this fixes the issue. Ex. Adding a feature - Explain what this achieves.--> Fix to use the `insecure_skip_verify` config in http client when connecting with kubelet in service account auth mode. **Link to tracking Issue:** [26319](#26319) **Testing:** <Describe what testing was performed and which tests were added.> Unit tests added, e2e test updated **Documentation:** <Describe the documentation added.>
|
This issue has been inactive for 60 days. It will be closed in 60 days if there is no activity. To ping code owners by adding a component label, see Adding Labels via Comments, or if you are unsure of which component this issue relates to, please ping Pinging code owners:
See Adding Labels via Comments if you do not have permissions to add labels yourself. |
…account auth (open-telemetry#27070) **Description:** <Describe what has changed.> <!--Ex. Fixing a bug - Describe the bug and how this fixes the issue. Ex. Adding a feature - Explain what this achieves.--> Fix to use the `insecure_skip_verify` config in http client when connecting with kubelet in service account auth mode. **Link to tracking Issue:** [26319](open-telemetry#26319) **Testing:** <Describe what testing was performed and which tests were added.> Unit tests added, e2e test updated **Documentation:** <Describe the documentation added.>
Component(s)
receiver/kubeletstats
What happened?
Description
The receiver exposes the config
InsecureSkipVerifywhich let's user decide if the receiver should verify the server's certificate chain and hostname. The documentation implies that this config is respected for all modes ofauth_typebut it is not respected with the auth mode service_account where is it set to true alwaysSteps to Reproduce
Expected Result
insecure_skip_verify option should be honored when the auth mode with kubelet is service_account
Actual Result
insecure_skip_verify option is not used when the auth mode with kubelet is service_account
Collector version
latest
Environment information
Environment
OS: (e.g., "Ubuntu 20.04")
Compiler(if manually compiled): (e.g., "go 14.2")
OpenTelemetry Collector configuration
No response
Log output
No response
Additional context
No response
The text was updated successfully, but these errors were encountered: