diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml index c81fd45b..19059ce8 100644 --- a/config/default/kustomization.yaml +++ b/config/default/kustomization.yaml @@ -22,13 +22,14 @@ bases: # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required. #- ../certmanager # [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. -#- ../prometheus +- ../prometheus patchesStrategicMerge: # Protect the /metrics endpoint by putting it behind auth. # If you want your controller-manager to expose the /metrics # endpoint w/o any authn/z, please comment the following line. -- manager_auth_proxy_patch.yaml +#- manager_auth_proxy_patch.yaml +- manager_insecure_patch.yaml # Mount the controller config file for loading manager configurations # through a ComponentConfig type diff --git a/config/default/manager_insecure_patch.yaml b/config/default/manager_insecure_patch.yaml new file mode 100644 index 00000000..a2bead75 --- /dev/null +++ b/config/default/manager_insecure_patch.yaml @@ -0,0 +1,18 @@ +# This patch updates the manager for insecure /metrics scraping +apiVersion: apps/v1 +kind: Deployment +metadata: + name: controller-manager + namespace: system +spec: + template: + spec: + containers: + - name: manager + args: + - "--health-probe-bind-address=:8081" + - "--metrics-bind-address=:8080" + - "--leader-elect" + ports: + - name: http + containerPort: 8080 \ No newline at end of file diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index c69f1c34..3e9e1667 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -33,6 +33,7 @@ spec: - --leader-elect - --log-level=INFO image: controller:latest + imagePullPolicy: Always name: manager imagePullPolicy: Always securityContext: diff --git a/config/manifests/kustomization.yaml b/config/manifests/kustomization.yaml index efe2aba8..f27b4f79 100644 --- a/config/manifests/kustomization.yaml +++ b/config/manifests/kustomization.yaml @@ -20,7 +20,7 @@ patchesJson6902: # Remove the manager container's "cert" volumeMount, since OLM will create and mount a set of certs. # Update the indices in this path if adding or removing containers/volumeMounts in the manager's Deployment. - op: remove - path: /spec/template/spec/containers/1/volumeMounts/0 + path: /spec/template/spec/containers/0/volumeMounts/0 # Remove the "cert" volume, since OLM will create and mount a set of certs. # Update the indices in this path if adding or removing volumes in the manager's Deployment. - op: remove diff --git a/config/prometheus/kustomization.yaml b/config/prometheus/kustomization.yaml index ed137168..54631487 100644 --- a/config/prometheus/kustomization.yaml +++ b/config/prometheus/kustomization.yaml @@ -1,2 +1,2 @@ resources: -- monitor.yaml +- monitor_insecure.yaml diff --git a/config/prometheus/monitor_insecure.yaml b/config/prometheus/monitor_insecure.yaml new file mode 100644 index 00000000..9322b6a2 --- /dev/null +++ b/config/prometheus/monitor_insecure.yaml @@ -0,0 +1,17 @@ +# Prometheus Monitor Service (Metrics) +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + labels: + control-plane: controller-manager + name: controller-manager-metrics-monitor + namespace: system +spec: + endpoints: + - path: /metrics + port: http + scheme: http + interval: 30s + selector: + matchLabels: + control-plane: controller-manager \ No newline at end of file diff --git a/config/rbac/service_insecure.yaml b/config/rbac/service_insecure.yaml new file mode 100644 index 00000000..913c2fe6 --- /dev/null +++ b/config/rbac/service_insecure.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + control-plane: controller-manager + name: controller-manager-metrics-service + namespace: system +spec: + ports: + - name: http + port: 8080 + targetPort: http + selector: + control-plane: controller-manager \ No newline at end of file