Skip to content

feat: add TLS/HTTPS support for the exporter HTTP server#340

Open
edyaya wants to merge 2 commits into
redpanda-data:masterfrom
edyaya:feature/exporter-https
Open

feat: add TLS/HTTPS support for the exporter HTTP server#340
edyaya wants to merge 2 commits into
redpanda-data:masterfrom
edyaya:feature/exporter-https

Conversation

@edyaya

@edyaya edyaya commented May 21, 2026

Copy link
Copy Markdown

Summary

Adds native TLS/HTTPS support for the exporter HTTP server, so /metrics and /ready endpoints can be served over HTTPS without a reverse proxy.

Configuration

YAML:

exporter:
  tlsEnabled: true
  tlsCertFilepath: /etc/kminion/tls/server.crt
  tlsKeyFilepath: /etc/kminion/tls/server.key

Environment variables: EXPORTER_TLSENABLED, EXPORTER_TLSCERTFILEPATH, EXPORTER_TLSKEYFILEPATH
Helm values: deployment.tlsEnabled, deployment.tlsCertSecret, deployment.tlsMountPath
What's included

  • Config fields + validation (tlsEnabled, tlsCertFilepath, tlsKeyFilepath)
  • Conditional ListenAndServeTLS in main.go
  • Dockerfile: /etc/kminion/tls directory for mounting certs
  • Helm chart: TLS volume/mount, httpsGet probes (deployment + daemonset), scheme: https in ServiceMonitor
    Similar to support https configuration #258, but with explicit tlsEnabled flag, config validation, and full Helm chart support.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant