-
Story
-
Resolution: Unresolved
-
Major
-
None
-
None
-
3
-
False
-
None
-
False
-
-
Description
We are currently exposing a metrics server within the WMCO pod.
We need to ensure that the metrics endpoint of WMCO does not transmit plaintext data.
kube-rbac-proxy can be used to secure the server.
https://github.com/openshift/windows-machine-config-operator/blob/e872eecec22f31dbb8942912cb7afc42d0923c67/config/rbac/kustomization.yaml#L14
Acceptance Criteria
- WMCO metrics endpoint requires TLS