Hello,
I was debugging the monitoring stack of our deployment and I noticed that our Prometheus could not reach the OpenStack Exporter. The error is about a certificate name mismatch because Prometheus is scraping the exporter with the internal IP address instead of the internal FQDN while the certificate we have is only valid for the internal FQDN.
Indeed, the Prometheus config specifies kolla_internal_vip_address as a target and uses HTTPS when kolla_enable_tls_internal is true. Replacing the target with kolla_internal_fqdn which is a DNS name for which the certificate is valid fixed my issue.
My question is the following: should the internal certificate also be valid for the internal VIP when kolla_enable_tls_internal is set to true or is it okay if it's only valid for the FQDN? In the later case, does it make sense if I open an issue to use the FQDN instead of the IP address in the Prometheus config?
Regards,