WINC-1269: Expose WMCO /metrics endpoint via HTTPS #2388
Conversation
openshift-ci
bot
added
the
do-not-merge/work-in-progress
|
Skipping CI for Draft Pull Request. |
openshift-ci
bot
added
the
approved
|
/approve cancel |
openshift-ci
bot
removed
the
approved
openshift-merge-robot
added
the
needs-rebase
mansikulkarni96
force-pushed
the
WINC-1269
branch
2 times, most recently
from
c65a4cf
to
540ba3e
Compare
openshift-merge-robot
removed
the
needs-rebase
mansikulkarni96
force-pushed
the
WINC-1269
branch
3 times, most recently
from
997c1a7
to
67ff5d8
Compare
mansikulkarni96
changed the title
|
@mansikulkarni96: This pull request references WINC-1269 which is a valid jira issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
openshift-ci-robot
added
the
jira/valid-reference
mansikulkarni96
force-pushed
the
WINC-1269
branch
from
67ff5d8
to
5f42788
Compare
|
@mansikulkarni96: This pull request references WINC-1269 which is a valid jira issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
/test aws-e2e-operator |
mansikulkarni96
force-pushed
the
WINC-1269
branch
from
5f42788
to
658084a
Compare
|
WMCO logs |
|
I think you might've pushed some vendor changes. Should those be there? |
@wgahnagl they are generated with make vendor for the import |
We are not using it, but we can consider removing it. It came with the Kubebuilder project scaffolding. |
+1 to removing it as part of this PR |
There was a problem hiding this comment.
@mansikulkarni96 thanks for working on this. Mostly LGTM, left minor suggestions. PTAL
| @@ -156,7 +160,9 @@ func main() { | |||
| mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{ | |||
| Scheme: scheme, | |||
| Metrics: metricsserver.Options{ | |||
| BindAddress: fmt.Sprintf("%s:%d", metrics.Host, metrics.Port), | |||
There was a problem hiding this comment.
Why 9182 port is no longer relevant?
There was a problem hiding this comment.
That is used by windows-exporter and is secured by https now, this is used by metrics server. But I think we can keep it the same as 9182 can also be a secure port, I ll update.
cmd/operator/main.go
Outdated
|
|
||
| flag.BoolVar(&debugLogging, "debugLogging", false, "Log debug messages") | ||
| flag.StringVar(&metricsAddr, "metrics-bind-address", "0.0.0.0:8443", | ||
| "The address the metric endpoint binds to.") |
There was a problem hiding this comment.
Please mention the proposed default (8443) in the argument description.
There was a problem hiding this comment.
nit, if you still want to add this
config/manager/manager.yaml
Outdated
| image: controller:latest | ||
| name: manager | ||
| imagePullPolicy: IfNotPresent | ||
| ports: | ||
| - containerPort: 8443 |
There was a problem hiding this comment.
Given that the port is hard-coded in the manifest; What is the use case of the proposed flag metrics-bind-address ?
There was a problem hiding this comment.
The flag is already available through controller-runtime's server package, the intention is to avoid hardcoding in code and pass it through the CSV.
mansikulkarni96
force-pushed
the
WINC-1269
branch
3 times, most recently
from
0a78139
to
de0efc6
Compare
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: mansikulkarni96 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
the
approved
10 similar comments
|
/hold |
openshift-ci
bot
added
the
do-not-merge/hold
|
/test azure-e2e-operator |
|
/test azure-e2e-upgrade |
|
/hold cancel |
openshift-ci
bot
removed
the
do-not-merge/hold
|
/override ci/prow/azure-e2e-upgrade |
|
@mansikulkarni96: Overrode contexts on behalf of mansikulkarni96: ci/prow/azure-e2e-upgrade In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
@mansikulkarni96: all tests passed! Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
|
/cherry-pick release-4.17 |
|
@mansikulkarni96: Failed to get PR patch from GitHub. This PR will need to be manually cherrypicked. Error messagestatus code 406 not one of [200], body: {"message":"Sorry, the diff exceeded the maximum number of files (300). Consider using 'List pull requests files' API or locally cloning the repository instead.","errors":[{"resource":"PullRequest","field":"diff","code":"too_large"}],"documentation_url":"https://docs.github.com/rest/pulls/pulls#list-pull-requests-files","status":"406"}In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
/cherry-pick release-4.17 |
|
@mansikulkarni96: Failed to get PR patch from GitHub. This PR will need to be manually cherrypicked. Error messagestatus code 406 not one of [200], body: {"message":"Sorry, the diff exceeded the maximum number of files (300). Consider using 'List pull requests files' API or locally cloning the repository instead.","errors":[{"resource":"PullRequest","field":"diff","code":"too_large"}],"documentation_url":"https://docs.github.com/rest/pulls/pulls#list-pull-requests-files","status":"406"}In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
/cherry-pick release-4.17 |
|
@mansikulkarni96: Failed to get PR patch from GitHub. This PR will need to be manually cherrypicked. Error messagestatus code 406 not one of [200], body: {"message":"Sorry, the diff exceeded the maximum number of files (300). Consider using 'List pull requests files' API or locally cloning the repository instead.","errors":[{"resource":"PullRequest","field":"diff","code":"too_large"}],"documentation_url":"https://docs.github.com/rest/pulls/pulls#list-pull-requests-files","status":"406"}In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
Use the new controller-runtime secureAccess flag and filters.WithAuthenticationAndAuthorization when exposing metrics endpoint.
kube-rbac-proxy has been removed from controller-runtime scaffolding and its use is discouraged to drop the dependency on maintaining the image.