)]}'
{"metropolis/node/core/metrics/exporters.go":[{"author":{"_account_id":1000002,"name":"Serge Bazanski","display_name":"Serge","email":"serge@monogon.tech","username":"serge","avatars":[{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"e394519dc9bd3f05480ac8f66d8bd361477f2212","unresolved":true,"context_lines":[{"line_number":71,"context_line":"}"},{"line_number":72,"context_line":""},{"line_number":73,"context_line":"func (s *Service) kubeTLSConfig(ctx context.Context, e *Exporter) (*tls.Config, error) {"},{"line_number":74,"context_line":"\tcert, key, err :\u003d s.KPKI.Certificate(ctx, kpki.Master)"},{"line_number":75,"context_line":"\tif err !\u003d nil {"},{"line_number":76,"context_line":"\t\treturn nil, fmt.Errorf(\"could not load certificate %q from PKI: %w\", kpki.Master, err)"},{"line_number":77,"context_line":"\t}"}],"source_content_type":"text/x-go","patch_set":4,"id":"ef33eb9c_8042b614","line":74,"range":{"start_line":74,"start_character":48,"end_line":74,"end_character":54},"updated":"2023-07-24 21:21:51.000000000","message":"We probably shouldn\u0027t be using this certificate here, and instead use some minimum set of k8s permissions that allow us to fetch metrics.","commit_id":"77440c45490021d1b12bb98b8f13f91093b64d16"},{"author":{"_account_id":1000002,"name":"Serge Bazanski","display_name":"Serge","email":"serge@monogon.tech","username":"serge","avatars":[{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"d444af48d1df075a1ec88de430ca79f7b12e3011","unresolved":true,"context_lines":[{"line_number":71,"context_line":"}"},{"line_number":72,"context_line":""},{"line_number":73,"context_line":"func (s *Service) kubeTLSConfig(ctx context.Context, e *Exporter) (*tls.Config, error) {"},{"line_number":74,"context_line":"\tcert, key, err :\u003d s.KPKI.Certificate(ctx, kpki.Master)"},{"line_number":75,"context_line":"\tif err !\u003d nil {"},{"line_number":76,"context_line":"\t\treturn nil, fmt.Errorf(\"could not load certificate %q from PKI: %w\", kpki.Master, err)"},{"line_number":77,"context_line":"\t}"}],"source_content_type":"text/x-go","patch_set":4,"id":"c9fa230e_39de4a49","line":74,"range":{"start_line":74,"start_character":48,"end_line":74,"end_character":54},"in_reply_to":"bd2e118d_7913dea9","updated":"2023-07-26 10:57:36.000000000","message":"It\u0027s fine for now as long as this only runs on the control plane nodes.\n\nBut the \u0027proper\u0027 way to do this would be to add new RBAC entities in the reconciler code, then augment the metropolis.node.core.curator.proto.api.IssueCertificate RPC to be able to request/issue certificates matching RBAC entities.\n\nMaybe add a `TODO(q3k): move this to IssueCertificates` so that I can get to it at some point.","commit_id":"77440c45490021d1b12bb98b8f13f91093b64d16"},{"author":{"_account_id":1000019,"name":"Tim Windelschmidt","display_name":"Tim","email":"tim@monogon.tech","username":"fionera","avatars":[{"url":"https://www.gravatar.com/avatar/57e6137fdb8185cd15ac27ba188780ff.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/57e6137fdb8185cd15ac27ba188780ff.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/57e6137fdb8185cd15ac27ba188780ff.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/57e6137fdb8185cd15ac27ba188780ff.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"17a7a9b8a4e02415fc75530f7b6deb7edab7adcc","unresolved":false,"context_lines":[{"line_number":71,"context_line":"}"},{"line_number":72,"context_line":""},{"line_number":73,"context_line":"func (s *Service) kubeTLSConfig(ctx context.Context, e *Exporter) (*tls.Config, error) {"},{"line_number":74,"context_line":"\tcert, key, err :\u003d s.KPKI.Certificate(ctx, kpki.Master)"},{"line_number":75,"context_line":"\tif err !\u003d nil {"},{"line_number":76,"context_line":"\t\treturn nil, fmt.Errorf(\"could not load certificate %q from PKI: %w\", kpki.Master, err)"},{"line_number":77,"context_line":"\t}"}],"source_content_type":"text/x-go","patch_set":4,"id":"47892acc_5fc816b9","line":74,"range":{"start_line":74,"start_character":48,"end_line":74,"end_character":54},"in_reply_to":"c61cd3e0_c10d4199","updated":"2023-07-27 15:16:29.000000000","message":"This does not only run on controlplanes tho :( The endpoints are registered everywhere and the logic for obtaining certificates etc is also running on all nodes. Currently metrics are nil pointer panicing ^^\u0027","commit_id":"77440c45490021d1b12bb98b8f13f91093b64d16"},{"author":{"_account_id":1000019,"name":"Tim Windelschmidt","display_name":"Tim","email":"tim@monogon.tech","username":"fionera","avatars":[{"url":"https://www.gravatar.com/avatar/57e6137fdb8185cd15ac27ba188780ff.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/57e6137fdb8185cd15ac27ba188780ff.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/57e6137fdb8185cd15ac27ba188780ff.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/57e6137fdb8185cd15ac27ba188780ff.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"aa5f93b08f313d66592e42d66a508ef98312a477","unresolved":false,"context_lines":[{"line_number":71,"context_line":"}"},{"line_number":72,"context_line":""},{"line_number":73,"context_line":"func (s *Service) kubeTLSConfig(ctx context.Context, e *Exporter) (*tls.Config, error) {"},{"line_number":74,"context_line":"\tcert, key, err :\u003d s.KPKI.Certificate(ctx, kpki.Master)"},{"line_number":75,"context_line":"\tif err !\u003d nil {"},{"line_number":76,"context_line":"\t\treturn nil, fmt.Errorf(\"could not load certificate %q from PKI: %w\", kpki.Master, err)"},{"line_number":77,"context_line":"\t}"}],"source_content_type":"text/x-go","patch_set":4,"id":"c61cd3e0_c10d4199","line":74,"range":{"start_line":74,"start_character":48,"end_line":74,"end_character":54},"in_reply_to":"c9fa230e_39de4a49","updated":"2023-07-26 11:19:51.000000000","message":"Ack","commit_id":"77440c45490021d1b12bb98b8f13f91093b64d16"},{"author":{"_account_id":1000019,"name":"Tim Windelschmidt","display_name":"Tim","email":"tim@monogon.tech","username":"fionera","avatars":[{"url":"https://www.gravatar.com/avatar/57e6137fdb8185cd15ac27ba188780ff.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/57e6137fdb8185cd15ac27ba188780ff.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/57e6137fdb8185cd15ac27ba188780ff.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/57e6137fdb8185cd15ac27ba188780ff.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"ee95decae1cab2ffe21a6aeb4d25df020a38826f","unresolved":true,"context_lines":[{"line_number":71,"context_line":"}"},{"line_number":72,"context_line":""},{"line_number":73,"context_line":"func (s *Service) kubeTLSConfig(ctx context.Context, e *Exporter) (*tls.Config, error) {"},{"line_number":74,"context_line":"\tcert, key, err :\u003d s.KPKI.Certificate(ctx, kpki.Master)"},{"line_number":75,"context_line":"\tif err !\u003d nil {"},{"line_number":76,"context_line":"\t\treturn nil, fmt.Errorf(\"could not load certificate %q from PKI: %w\", kpki.Master, err)"},{"line_number":77,"context_line":"\t}"}],"source_content_type":"text/x-go","patch_set":4,"id":"bd2e118d_7913dea9","line":74,"range":{"start_line":74,"start_character":48,"end_line":74,"end_character":54},"in_reply_to":"ef33eb9c_8042b614","updated":"2023-07-25 22:29:19.000000000","message":"Internally this also gets used for doing healthchecks against all kinds of things. For replacing this we afaik have to add custom groups","commit_id":"77440c45490021d1b12bb98b8f13f91093b64d16"}],"metropolis/node/core/roleserve/worker_metrics.go":[{"author":{"_account_id":1000002,"name":"Serge Bazanski","display_name":"Serge","email":"serge@monogon.tech","username":"serge","avatars":[{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/52c41428b6369f2c02b9717425216f7d.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"e394519dc9bd3f05480ac8f66d8bd361477f2212","unresolved":true,"context_lines":[{"line_number":50,"context_line":"\t\tCredentials: cc.credentials,"},{"line_number":51,"context_line":"\t\tCurator:     ipb.NewCuratorClient(cc.conn),"},{"line_number":52,"context_line":"\t\tLocalRoles:  s.localRoles,"},{"line_number":53,"context_line":"\t\tKPKI:        pki,"},{"line_number":54,"context_line":"\t}"},{"line_number":55,"context_line":"\treturn svc.Run(ctx)"},{"line_number":56,"context_line":"}"}],"source_content_type":"text/x-go","patch_set":4,"id":"0cc38e79_85915515","line":53,"range":{"start_line":53,"start_character":2,"end_line":53,"end_character":19},"updated":"2023-07-24 21:21:51.000000000","message":"How about we retrieve the credentials here and instantiate the service with them? Then the service doesn\u0027t need to be aware of any kpki weirdness.","commit_id":"77440c45490021d1b12bb98b8f13f91093b64d16"},{"author":{"_account_id":1000019,"name":"Tim Windelschmidt","display_name":"Tim","email":"tim@monogon.tech","username":"fionera","avatars":[{"url":"https://www.gravatar.com/avatar/57e6137fdb8185cd15ac27ba188780ff.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/57e6137fdb8185cd15ac27ba188780ff.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/57e6137fdb8185cd15ac27ba188780ff.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/57e6137fdb8185cd15ac27ba188780ff.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"change_message_id":"aa5f93b08f313d66592e42d66a508ef98312a477","unresolved":false,"context_lines":[{"line_number":50,"context_line":"\t\tCredentials: cc.credentials,"},{"line_number":51,"context_line":"\t\tCurator:     ipb.NewCuratorClient(cc.conn),"},{"line_number":52,"context_line":"\t\tLocalRoles:  s.localRoles,"},{"line_number":53,"context_line":"\t\tKPKI:        pki,"},{"line_number":54,"context_line":"\t}"},{"line_number":55,"context_line":"\treturn svc.Run(ctx)"},{"line_number":56,"context_line":"}"}],"source_content_type":"text/x-go","patch_set":4,"id":"2b9cf290_71321581","line":53,"range":{"start_line":53,"start_character":2,"end_line":53,"end_character":19},"in_reply_to":"0cc38e79_85915515","updated":"2023-07-26 11:19:51.000000000","message":"Done","commit_id":"77440c45490021d1b12bb98b8f13f91093b64d16"}]}