Disable kube-rbac-proxy from prometheus-exporter-operator controller-manager

Makefile

@@ -1,5 +1,5 @@
 # Current Operator version
-VERSION ?= 0.3.0
+VERSION ?= 0.3.1
 # Image URL to use all building/pushing image targets
 IMG ?= quay.io/3scale/prometheus-exporter-operator:v$(VERSION)
 # Default catalog image
@@ -143,7 +143,7 @@ bundle-build:
 #########################
 prepare-alpha-release: bundle
 
-prepare-release: bundle
+prepare-stable-release: bundle
 	$(MAKE) bundle CHANNELS=alpha,stable DEFAULT_CHANNEL=alpha
 
 bundle-push:

bundle/manifests/prometheus-exporter-operator-controller-manager-metrics-monitor_monitoring.coreos.com_v1_servicemonitor.yaml

@@ -7,7 +7,7 @@ metadata:
 spec:
   endpoints:
   - path: /metrics
-    port: https
+    port: http
   selector:
     matchLabels:
       control-plane: controller-manager

bundle/manifests/prometheus-exporter-operator-controller-manager-metrics-service_v1_service.yaml

@@ -7,9 +7,9 @@ metadata:
   name: prometheus-exporter-operator-controller-manager-metrics-service
 spec:
   ports:
-  - name: https
-    port: 8443
-    targetPort: https
+  - name: http
+    port: 8080
+    targetPort: http
   selector:
     control-plane: controller-manager
 status:

bundle/manifests/prometheus-exporter-operator.clusterserviceversion.yaml

@@ -33,7 +33,7 @@ metadata:
     operators.operatorframework.io/project_layout: ansible.sdk.operatorframework.io/v1
     repository: https://github.com/3scale-ops/prometheus-exporter-operator
     support: Red Hat, Inc.
-  name: prometheus-exporter-operator.v0.3.0
+  name: prometheus-exporter-operator.v0.3.1
   namespace: placeholder
 spec:
   apiservicedefinitions: {}
@@ -88,21 +88,6 @@ spec:
     mediatype: image/svg+xml
   install:
     spec:
-      clusterPermissions:
-      - rules:
-        - apiGroups:
-          - authentication.k8s.io
-          resources:
-          - tokenreviews
-          verbs:
-          - create
-        - apiGroups:
-          - authorization.k8s.io
-          resources:
-          - subjectaccessreviews
-          verbs:
-          - create
-        serviceAccountName: prometheus-exporter-operator-controller-manager
       deployments:
       - name: prometheus-exporter-operator-controller-manager
         spec:
@@ -118,18 +103,7 @@ spec:
             spec:
               containers:
               - args:
-                - --secure-listen-address=0.0.0.0:8443
-                - --upstream=http://127.0.0.1:8080/
-                - --logtostderr=true
-                - --v=10
-                image: gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0
-                name: kube-rbac-proxy
-                ports:
-                - containerPort: 8443
-                  name: https
-                resources: {}
-              - args:
-                - --metrics-addr=127.0.0.1:8080
+                - --metrics-addr=0.0.0.0:8080
                 - --enable-leader-election
                 - --leader-election-id=prometheus-exporter-operator
                 env:
@@ -139,7 +113,7 @@ spec:
                   valueFrom:
                     fieldRef:
                       fieldPath: metadata.annotations['olm.targetNamespaces']
-                image: quay.io/3scale/prometheus-exporter-operator:v0.3.0
+                image: quay.io/3scale/prometheus-exporter-operator:v0.3.1
                 livenessProbe:
                   httpGet:
                     path: /healthz
@@ -148,6 +122,9 @@ spec:
                   periodSeconds: 20
                   timeoutSeconds: 5
                 name: manager
+                ports:
+                - containerPort: 8080
+                  name: http
                 readinessProbe:
                   httpGet:
                     path: /readyz
@@ -293,4 +270,4 @@ spec:
   provider:
     name: Red Hat
     url: https://www.redhat.com
-  version: 0.3.0
+  version: 0.3.1

config/default/kustomization.yaml

@@ -22,4 +22,5 @@ patchesStrategicMerge:
   # Protect the /metrics endpoint by putting it behind auth.
   # If you want your controller-manager to expose the /metrics
   # endpoint w/o any authn/z, please comment the following line.
-- manager_auth_proxy_patch.yaml
+  #- manager_auth_proxy_patch.yaml
+- manager_metrics_patch.yaml

config/default/manager_metrics_patch.yaml

@@ -0,0 +1,17 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: controller-manager
+  namespace: system
+spec:
+  template:
+    spec:
+      containers:
+      - name: manager
+        args:
+        - "--metrics-addr=0.0.0.0:8080"
+        - "--enable-leader-election"
+        - "--leader-election-id=prometheus-exporter-operator"
+        ports:
+        - containerPort: 8080
+          name: http

config/manager/kustomization.yaml

@@ -5,4 +5,4 @@ kind: Kustomization
 images:
 - name: controller
   newName: quay.io/3scale/prometheus-exporter-operator
-  newTag: v0.3.0
+  newTag: v0.3.1

config/manual/kustomization.yaml

@@ -22,7 +22,8 @@ patchesStrategicMerge:
   # Protect the /metrics endpoint by putting it behind auth.
   # If you want your controller-manager to expose the /metrics
   # endpoint w/o any authn/z, please comment the following line.
-- manager_auth_proxy_patch.yaml
+  #- manager_auth_proxy_patch.yaml
+- manager_metrics_patch.yaml
 
 patches:
   - target:
@@ -32,5 +33,5 @@ patches:
       name: controller-manager
     patch: |-
       - op: replace
-        path: /spec/template/spec/containers/1/env/1
+        path: /spec/template/spec/containers/0/env/1
         value: { "name": "WATCH_NAMESPACE", "value": prometheus-exporter-operator-system }

config/manual/manager_metrics_patch.yaml

@@ -0,0 +1,17 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: controller-manager
+  namespace: system
+spec:
+  template:
+    spec:
+      containers:
+      - name: manager
+        args:
+        - "--metrics-addr=0.0.0.0:8080"
+        - "--enable-leader-election"
+        - "--leader-election-id=prometheus-exporter-operator"
+        ports:
+        - containerPort: 8080
+          name: http

config/prometheus/monitor.yaml

@@ -10,7 +10,7 @@ metadata:
 spec:
   endpoints:
     - path: /metrics
-      port: https
+      port: http
   selector:
     matchLabels:
       control-plane: controller-manager

config/rbac/kustomization.yaml

@@ -7,7 +7,8 @@ resources:
 # Comment the following 4 lines if you want to disable
 # the auth proxy (https://github.com/brancz/kube-rbac-proxy)
 # which protects your /metrics endpoint.
-- auth_proxy_service.yaml
-- auth_proxy_role.yaml
-- auth_proxy_role_binding.yaml
-- auth_proxy_client_clusterrole.yaml
+#- auth_proxy_service.yaml
+#- auth_proxy_role.yaml
+#- auth_proxy_role_binding.yaml
+#- auth_proxy_client_clusterrole.yaml
+- metrics_service.yaml

config/rbac/metrics_service.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    control-plane: controller-manager
+  name: controller-manager-metrics-service
+  namespace: system
+spec:
+  ports:
+  - name: http
+    port: 8080
+    targetPort: http
+  selector:
+    control-plane: controller-manager

config/testing/kustomization.yaml

@@ -9,7 +9,8 @@ namePrefix: prometheus-exporter-operator-
 
 patchesStrategicMerge:
 - debug_logs_patch.yaml
-- manager_auth_proxy_patch.yaml
+#- manager_auth_proxy_patch.yaml
+- manager_metrics_patch.yaml
 
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
@@ -28,5 +29,5 @@ patches:
       name: controller-manager
     patch: |-
       - op: replace
-        path: /spec/template/spec/containers/1/env/2
+        path: /spec/template/spec/containers/0/env/2
         value: { "name": "WATCH_NAMESPACE", "value": default }

config/testing/manager_metrics_patch.yaml

@@ -0,0 +1,17 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: controller-manager
+  namespace: system
+spec:
+  template:
+    spec:
+      containers:
+      - name: manager
+        args:
+        - "--metrics-addr=0.0.0.0:8080"
+        - "--enable-leader-election"
+        - "--leader-election-id=prometheus-exporter-operator"
+        ports:
+        - containerPort: 8080
+          name: http

docs/release.md

@@ -12,8 +12,8 @@ make prepare-alpha-release
 * Then you can manually execute opeator, bundle and catalog build/push.
 
 ## Stable
-* Either if it is an **stable** release, execute the following target to create appropiate `alpha` and `stable` bundle files:
+* But if it is an **stable** release, execute the following target to create appropiate `alpha` and `stable` bundle files:
 ```bash
-make prepare-release
+make prepare-stable-release
 ```
 * Then open a [Pull Request](https://github.com/3scale-ops/prometheus-exporter-operator/pulls), and a GitHub Action will automatically detect if it is new release or not, in order to create it by building/pushing new operator, bundle and catalog images, as well as creating a GitHub release draft.