Enable builtin metrics and add default ServiceMonitor (kyverno#159)

* Create sync-from-upstream.yaml Signed-off-by: Zach Stone <[email protected]> * Update sync-from-upstream.yaml Signed-off-by: Zach Stone <[email protected]> * fix(charts): remove erroneous 'metadata' key from ClusterRole object (kyverno#119) Signed-off-by: Mike Dougherty <[email protected]> Co-authored-by: Jim Bugwadia <[email protected]> Signed-off-by: Zach Stone <[email protected]> * Enable metrics endpoint and add service monitor Signed-off-by: Zach Stone <[email protected]> * Update generated install Signed-off-by: Zach Stone <[email protected]> * Do not enable ServiceMonitor by default Signed-off-by: Zach Stone <[email protected]> * Rerun codegen Signed-off-by: Zach Stone <[email protected]> --------- Signed-off-by: Zach Stone <[email protected]> Signed-off-by: Mike Dougherty <[email protected]> Co-authored-by: Mike Dougherty <[email protected]> Co-authored-by: Jim Bugwadia <[email protected]>
giantswarm · Jul 10, 2024 · a52d85d · a52d85d
1 parent ca35f64
commit a52d85d
Show file tree

Hide file tree

Showing 6 changed files with 71 additions and 0 deletions.
diff --git a/charts/reports-server/README.md b/charts/reports-server/README.md
@@ -44,6 +44,13 @@ helm install reports-server --namespace reports-server --create-namespace report
 | securityContext | object | See [values.yaml](values.yaml) | Container security context |
 | livenessProbe | object | `{"failureThreshold":10,"httpGet":{"path":"/livez","port":"https","scheme":"HTTPS"},"initialDelaySeconds":20,"periodSeconds":10}` | Liveness probe |
 | readinessProbe | object | `{"failureThreshold":10,"httpGet":{"path":"/readyz","port":"https","scheme":"HTTPS"},"initialDelaySeconds":30,"periodSeconds":10}` | Readiness probe |
+| metrics.enabled | bool | `true` | Enable prometheus metrics |
+| metrics.serviceMonitor.enabled | bool | `false` | Enable service monitor for scraping prometheus metrics |
+| metrics.serviceMonitor.additionalLabels | object | `{}` | Service monitor additional labels |
+| metrics.serviceMonitor.interval | string | `""` | Service monitor scrape interval |
+| metrics.serviceMonitor.metricRelabelings | list | `[]` | Service monitor metric relabelings |
+| metrics.serviceMonitor.relabelings | list | `[]` | Service monitor relabelings |
+| metrics.serviceMonitor.scrapeTimeout | string | `""` | Service monitor scrape timeout |
 | resources.limits | string | `nil` | Container resource limits |
 | resources.requests | string | `nil` | Container resource requests |
 | autoscaling.enabled | bool | `false` | Enable autoscaling |

diff --git a/charts/reports-server/templates/deployment.yaml b/charts/reports-server/templates/deployment.yaml
@@ -51,6 +51,9 @@ spec:
             {{- end }}
             - --cert-dir=/tmp
             - --secure-port=4443
+            {{- if .Values.metrics.enabled }}
+            - --authorization-always-allow-paths=/metrics
+            {{- end }}
           {{- if .Values.config.db.secretName }}
           env:
             - name: DB_HOST

diff --git a/charts/reports-server/templates/service-monitor.yaml b/charts/reports-server/templates/service-monitor.yaml
@@ -0,0 +1,36 @@
+{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled -}}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: {{ include "reports-server.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "reports-server.labels" . | nindent 4 }}
+    {{- with .Values.metrics.serviceMonitor.additionalLabels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+spec:
+  selector:
+    matchLabels:
+      {{- include "reports-server.selectorLabels" . | nindent 6 }}
+  endpoints:
+    - port: https
+      path: /metrics
+      scheme: https
+      tlsConfig:
+        insecureSkipVerify: true
+      {{- if .Values.metrics.serviceMonitor.interval}}
+      interval: {{ .Values.metrics.serviceMonitor.interval }}
+      {{- end }}
+      {{- if .Values.metrics.serviceMonitor.scrapeTimeout}}
+      scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
+      {{- end }}  
+      {{- with .Values.metrics.serviceMonitor.metricRelabelings }}
+      metricRelabelings:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.metrics.serviceMonitor.relabelings }}
+      relabelings:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+{{- end -}}
diff --git a/charts/reports-server/values.yaml b/charts/reports-server/values.yaml
@@ -98,6 +98,29 @@ readinessProbe:
     port: https
     scheme: HTTPS
 
+metrics:
+  # -- Enable prometheus metrics
+  enabled: true
+
+  serviceMonitor:
+    # -- Enable service monitor for scraping prometheus metrics
+    enabled: false
+
+    # -- Service monitor additional labels
+    additionalLabels: {}
+
+    # -- Service monitor scrape interval
+    interval: ""
+
+    # -- Service monitor metric relabelings
+    metricRelabelings: []
+
+    # -- Service monitor relabelings
+    relabelings: []
+
+    # -- Service monitor scrape timeout
+    scrapeTimeout: ""
+
 # We usually recommend not to specify default resources and to leave this as a conscious
 # choice for the user. This also increases chances charts run on environments with little
 # resources, such as Minikube. If you do want to specify resources, uncomment the following

diff --git a/config/install-inmemory.yaml b/config/install-inmemory.yaml
@@ -172,6 +172,7 @@ spec:
             - --debug
             - --cert-dir=/tmp
             - --secure-port=4443
+            - --authorization-always-allow-paths=/metrics
           securityContext:
             allowPrivilegeEscalation: false
             capabilities:

diff --git a/config/install.yaml b/config/install.yaml
@@ -267,6 +267,7 @@ spec:
             - --dbsslcert=
             - --cert-dir=/tmp
             - --secure-port=4443
+            - --authorization-always-allow-paths=/metrics
           securityContext:
             allowPrivilegeEscalation: false
             capabilities: