chart: Add service monitor and remove kube_rbac_proxy leftovers (#527)

* remove all authProxy refs * Add serviceMonitor * fix metrics port * fix newline * fix newline * bump chart version * fix indentation typo * Rename metrics.proxy * Make metrics.portNumber configurable * fix metrics port * revert: chart version change Co-authored-by: toast-gear <15716903+toast-gear@users.noreply.github.com>
2021-05-26 14:10:25 +03:00 · 2021-05-26 14:10:25 +03:00 · 2cbeca0e7c
parent 859e04a680
commit 2cbeca0e7c
11 changed files with 86 additions and 26 deletions
--- a/charts/actions-runner-controller/templates/_github_webhook_server_helpers.tpl
+++ b/charts/actions-runner-controller/templates/_github_webhook_server_helpers.tpl
@ -54,3 +54,7 @@ Create the name of the service account to use
 {{- define "actions-runner-controller-github-webhook-server.roleName" -}}
 {{- include "actions-runner-controller-github-webhook-server.fullname" . }}
 {{- end }}
+
+{{- define "actions-runner-controller-github-webhook-server.serviceMonitorName" -}}
+{{- include "actions-runner-controller-github-webhook-server.fullname" . | trunc 47 }}-service-monitor
+{{- end }}
--- a/charts/actions-runner-controller/templates/_helpers.tpl
+++ b/charts/actions-runner-controller/templates/_helpers.tpl
@ -92,10 +92,14 @@ Create the name of the service account to use
 {{- include "actions-runner-controller.fullname" . | trunc 55 }}-webhook
 {{- end }}

-{{- define "actions-runner-controller.authProxyServiceName" -}}
+{{- define "actions-runner-controller.metricsServiceName" -}}
 {{- include "actions-runner-controller.fullname" . | trunc 47 }}-metrics-service
 {{- end }}

+{{- define "actions-runner-controller.serviceMonitorName" -}}
+{{- include "actions-runner-controller.fullname" . | trunc 47 }}-service-monitor
+{{- end }}
+
 {{- define "actions-runner-controller.selfsignedIssuerName" -}}
 {{- include "actions-runner-controller.fullname" . }}-selfsigned-issuer
 {{- end }}
--- a/charts/actions-runner-controller/templates/auth_proxy_role.yaml
+++ b/charts/actions-runner-controller/templates/auth_proxy_role.yaml
@ -1,3 +1,4 @@
+{{- if .Values.metrics.proxy.enabled }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
@ -11,3 +12,4 @@ rules:
  resources:
  - subjectaccessreviews
  verbs: ["create"]
+{{- end }}
--- a/charts/actions-runner-controller/templates/auth_proxy_role_binding.yaml
+++ b/charts/actions-runner-controller/templates/auth_proxy_role_binding.yaml
@ -1,3 +1,4 @@
+{{- if .Values.metrics.proxy.enabled }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
@ -10,3 +11,4 @@ subjects:
 - kind: ServiceAccount
  name: {{ include "actions-runner-controller.serviceAccountName" . }}
  namespace: {{ .Release.Namespace }}
+{{- end }}
--- a/charts/actions-runner-controller/templates/controller.metrics.service.yaml
+++ b/charts/actions-runner-controller/templates/controller.metrics.service.yaml
@ -3,12 +3,12 @@ kind: Service
 metadata:
  labels:
    {{- include "actions-runner-controller.labels" . | nindent 4 }}
-  name: {{ include "actions-runner-controller.authProxyServiceName" . }}
+  name: {{ include "actions-runner-controller.metricsServiceName" . }}
  namespace: {{ .Release.Namespace }}
 spec:
  ports:
-  - name: https
-    port: 8443
-    targetPort: https
+  - name: metrics-port
+    port: {{ .Values.metrics.port }}
+    targetPort: metrics-port
  selector:
    {{- include "actions-runner-controller.selectorLabels" . | nindent 4 }}
--- a/charts/actions-runner-controller/templates/controller.metrics.serviceMonitor.yaml
+++ b/charts/actions-runner-controller/templates/controller.metrics.serviceMonitor.yaml
@ -0,0 +1,15 @@
+{{- if .Values.metrics.serviceMonitor }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  labels:
+    {{- include "actions-runner-controller.labels" . | nindent 4 }}
+  name: {{ include "actions-runner-controller.serviceMonitorName" . }}
+spec:
+  endpoints:
+    - path: /metrics
+      port: metrics-port
+  selector:
+    matchLabels:
+      {{- include "actions-runner-controller.selectorLabels" . | nindent 6 }}
+{{- end }}
--- a/charts/actions-runner-controller/templates/deployment.yaml
+++ b/charts/actions-runner-controller/templates/deployment.yaml
@ -31,8 +31,9 @@ spec:
      {{- end }}
      containers:
      - args:
-        {{- $metricsHost := .Values.kube_rbac_proxy.enabled | ternary "127.0.0.1" "0.0.0.0" }}
-        - "--metrics-addr={{ $metricsHost }}:8080"
+        {{- $metricsHost := .Values.metrics.proxy.enabled | ternary "127.0.0.1" "0.0.0.0" }}
+        {{- $metricsPort := .Values.metrics.proxy.enabled | ternary "8080" .Values.metrics.port }}
+        - "--metrics-addr={{ $metricsHost }}:{{ $metricsPort }}"
        - "--enable-leader-election"
        - "--sync-period={{ .Values.syncPeriod }}"
        - "--docker-image={{ .Values.image.dindSidecarRepositoryAndTag }}"
@ -79,9 +80,9 @@ spec:
        - containerPort: 9443
          name: webhook-server
          protocol: TCP
-        {{- if not .Values.kube_rbac_proxy.enabled }}
-        - containerPort: 9443
-          name: https
+        {{- if not .Values.metrics.proxy.enabled }}
+        - containerPort: {{ .Values.metrics.port }}
+          name: metrics-port
          protocol: TCP
        {{- end }}
        resources:
@ -97,18 +98,18 @@ spec:
        - mountPath: /tmp/k8s-webhook-server/serving-certs
          name: cert
          readOnly: true
-      {{- if .Values.kube_rbac_proxy.enabled }}
+      {{- if .Values.metrics.proxy.enabled }}
      - args:
-        - "--secure-listen-address=0.0.0.0:8443"
+        - "--secure-listen-address=0.0.0.0:{{ .Values.metrics.port }}"
        - "--upstream=http://127.0.0.1:8080/"
        - "--logtostderr=true"
        - "--v=10"
-        image: "{{ .Values.kube_rbac_proxy.image.repository }}:{{ .Values.kube_rbac_proxy.image.tag }}"
+        image: "{{ .Values.metrics.proxy.image.repository }}:{{ .Values.metrics.proxy.image.tag }}"
        name: kube-rbac-proxy
        imagePullPolicy: {{ .Values.image.pullPolicy }}
        ports:
-        - containerPort: 8443
-          name: https
+        - containerPort: {{ .Values.metrics.port }}
+          name: metrics-port
        resources:
          {{- toYaml .Values.resources | nindent 12 }}
        securityContext:
--- a/charts/actions-runner-controller/templates/githubwebhook.deployment.yaml
+++ b/charts/actions-runner-controller/templates/githubwebhook.deployment.yaml
@ -32,7 +32,9 @@ spec:
      {{- end }}
      containers:
      - args:
-        - "--metrics-addr=127.0.0.1:8080"
+        {{- $metricsHost := .Values.metrics.proxy.enabled | ternary "127.0.0.1" "0.0.0.0" }}
+        {{- $metricsPort := .Values.metrics.proxy.enabled | ternary "8080" .Values.metrics.port }}
+        - "--metrics-addr={{ $metricsHost }}:{{ $metricsPort }}"
        - "--sync-period={{ .Values.githubWebhookServer.syncPeriod }}"
        {{- if .Values.githubWebhookServer.logLevel }}
        - "--log-level={{ .Values.githubWebhookServer.logLevel }}"
@ -57,25 +59,32 @@ spec:
        - containerPort: 8000
          name: http
          protocol: TCP
+        {{- if not .Values.metrics.proxy.enabled }}
+        - containerPort: {{ .Values.metrics.port }}
+          name: metrics-port
+          protocol: TCP
+        {{- end }}
        resources:
          {{- toYaml .Values.githubWebhookServer.resources | nindent 12 }}
        securityContext:
          {{- toYaml .Values.githubWebhookServer.securityContext | nindent 12 }}
+      {{- if .Values.metrics.proxy.enabled }}
      - args:
-        - "--secure-listen-address=0.0.0.0:8443"
+        - "--secure-listen-address=0.0.0.0:{{ .Values.metrics.port }}"
        - "--upstream=http://127.0.0.1:8080/"
        - "--logtostderr=true"
        - "--v=10"
-        image: "{{ .Values.kube_rbac_proxy.image.repository }}:{{ .Values.kube_rbac_proxy.image.tag }}"
+        image: "{{ .Values.metrics.proxy.image.repository }}:{{ .Values.metrics.proxy.image.tag }}"
        name: kube-rbac-proxy
        imagePullPolicy: {{ .Values.image.pullPolicy }}
        ports:
-        - containerPort: 8443
-          name: https
+        - containerPort: {{ .Values.metrics.port }}
+          name: metrics-port
        resources:
          {{- toYaml .Values.resources | nindent 12 }}
        securityContext:
          {{- toYaml .Values.securityContext | nindent 12 }}
+      {{- end }}
      terminationGracePeriodSeconds: 10
      {{- with .Values.githubWebhookServer.nodeSelector }}
      nodeSelector:
--- a/charts/actions-runner-controller/templates/githubwebhook.service.yaml
+++ b/charts/actions-runner-controller/templates/githubwebhook.service.yaml
@ -12,6 +12,11 @@ spec:
    {{ range $_, $port := .Values.githubWebhookServer.service.ports -}}
    - {{ $port | toYaml | nindent 6 }}
    {{- end }}
+    {{- if .Values.metrics.serviceMonitor }}
+    - name: metrics-port
+      port: {{ .Values.metrics.port }}
+      targetPort: metrics-port
+    {{- end }}
  selector:
    {{- include "actions-runner-controller-github-webhook-server.selectorLabels" . | nindent 4 }}
 {{- end }}
--- a/charts/actions-runner-controller/templates/githubwebhook.serviceMonitor.yaml
+++ b/charts/actions-runner-controller/templates/githubwebhook.serviceMonitor.yaml
@ -0,0 +1,15 @@
+{{- if and .Values.githubWebhookServer.enabled .Values.metrics.serviceMonitor }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  labels:
+    {{- include "actions-runner-controller.labels" . | nindent 4 }}
+  name: {{ include "actions-runner-controller-github-webhook-server.serviceMonitorName" . }}
+spec:
+  endpoints:
+    - path: /metrics
+      port: metrics-port
+  selector:
+    matchLabels:
+      {{- include "actions-runner-controller-github-webhook-server.selectorLabels" . | nindent 6 }}
+{{- end }}
--- a/charts/actions-runner-controller/values.yaml
+++ b/charts/actions-runner-controller/values.yaml
@ -30,12 +30,6 @@ image:
  dindSidecarRepositoryAndTag: "docker:dind"
  pullPolicy: IfNotPresent

-kube_rbac_proxy:
-  enabled: true
-  image:
-    repository: quay.io/brancz/kube-rbac-proxy
-    tag: v0.8.0
-
 imagePullSecrets: []
 nameOverride: ""
 fullnameOverride: ""
@ -68,6 +62,15 @@ service:
  type: ClusterIP
  port: 443

+metrics:
+  serviceMonitor: false
+  port: 8443
+  proxy:
+    enabled: true
+    image:
+      repository: quay.io/brancz/kube-rbac-proxy
+      tag: v0.8.0
+
 resources:
  {}
  # We usually recommend not to specify default resources and to leave this as a conscious