feat: Add TLS to Metrics and Telemetry servers

[simster7]

Warm up PR after months of no Workflows dev 🙂

Closes: #6974

Signed-off-by: Simon Behar simbeh7@gmail.com

Tips:

• Maybe add you organization to USERS.md.
• Your PR needs to pass the required checks before it can be approved. If the check is not required (e.g. E2E tests) it does not need to pass
• Sign-off your commits to pass the DCO check: git commit --signoff.
• Run make pre-commit -B to fix codegen or lint problems.
• Say how how you tested your changes. If you changed the UI, attach screenshots.
• If changes were requested, and you've made them, then dismiss the review to get it looked at again.
• You can ask for help!

[codecov]

Codecov Report

Merging #7041 (c2805c5) into master (31bf57b) will increase coverage by 0.06%.
The diff coverage is 0.00%.

❗ Current head c2805c5 differs from pull request most recent head b7a3b4a. Consider uploading reports for the commit b7a3b4a to get more accurate results

@@            Coverage Diff             @@
##           master    #7041      +/-   ##
==========================================
+ Coverage   48.48%   48.54%   +0.06%     
==========================================
  Files         265      265              
  Lines       19307    19337      +30     
==========================================
+ Hits         9361     9388      +27     
- Misses       8889     8897       +8     
+ Partials     1057     1052       -5     

Impacted Files	Coverage Δ
cmd/argo/commands/server.go	34.07% <0.00%> (+1.90%)	⬆️
config/config.go	28.57% <0.00%> (-3.01%)	⬇️
util/tls/tls.go	52.17% <0.00%> (-12.12%)	⬇️
workflow/controller/controller.go	22.53% <0.00%> (-0.07%)	⬇️
workflow/metrics/metrics.go	76.11% <0.00%> (ø)
workflow/controller/operator.go	71.29% <0.00%> (+0.14%)	⬆️
workflow/metrics/server.go	16.17% <0.00%> (+0.38%)	⬆️
workflow/controller/workflowpod.go	74.41% <0.00%> (+0.51%)	⬆️
workflow/validate/validate.go	77.32% <0.00%> (+0.61%)	⬆️
server/auth/gatekeeper.go	50.00% <0.00%> (+0.95%)	⬆️
... and 2 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 31bf57b...b7a3b4a. Read the comment docs.

[alexec]

Not sure. What was ToB recommendation?

[tczhao]

---

Considering there are many other sections that asked to enable TLS by default.
I think for this Prometheus, it is asking to enable TLS and set it on by default.

[alexec]

I think in v3.3 lets provide the capability to do this. In v3.5 make it the default.

Can you please:

• Add a sections to upgrading.md noting this new feature and that users may wish to configure this on.
• Create a ticket for v3.5 to enable this by default.

[simster7]

Add a sections to upgrading.md noting this new feature and that users may wish to configure this on.

Done: #7051. This needs to be merged for the commit to be available.

Create a ticket for v3.5 to enable this by default.

Done: #7052

[simster7]

@sarabala1979 @tczhao Can I get another review given @alexec comment above and the new changes?

[tczhao]

LGTM

[alexec]

some minor comments

[alexec]

looks great so far!

[simster7]

@alexec Please take another look