diff --git a/bundle/manifests/kuadrant-operator-controller-manager-metrics-service_v1_service.yaml b/bundle/manifests/kuadrant-operator-controller-manager-metrics-service_v1_service.yaml index f24540a45..ceb4547cf 100644 --- a/bundle/manifests/kuadrant-operator-controller-manager-metrics-service_v1_service.yaml +++ b/bundle/manifests/kuadrant-operator-controller-manager-metrics-service_v1_service.yaml @@ -7,10 +7,9 @@ metadata: name: kuadrant-operator-controller-manager-metrics-service spec: ports: - - name: https - port: 8443 - protocol: TCP - targetPort: https + - name: metrics + port: 8080 + targetPort: metrics selector: control-plane: controller-manager status: diff --git a/bundle/manifests/kuadrant-operator-manager-config_v1_configmap.yaml b/bundle/manifests/kuadrant-operator-manager-config_v1_configmap.yaml index fd49a2448..21bcda858 100644 --- a/bundle/manifests/kuadrant-operator-manager-config_v1_configmap.yaml +++ b/bundle/manifests/kuadrant-operator-manager-config_v1_configmap.yaml @@ -6,7 +6,7 @@ data: health: healthProbeBindAddress: :8081 metrics: - bindAddress: 127.0.0.1:8080 + bindAddress: :8080 webhook: port: 9443 leaderElection: diff --git a/bundle/manifests/kuadrant-operator.clusterserviceversion.yaml b/bundle/manifests/kuadrant-operator.clusterserviceversion.yaml index e6d161e29..0431c651e 100644 --- a/bundle/manifests/kuadrant-operator.clusterserviceversion.yaml +++ b/bundle/manifests/kuadrant-operator.clusterserviceversion.yaml @@ -313,18 +313,6 @@ spec: - patch - update - watch - - apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create - - apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create serviceAccountName: kuadrant-operator-controller-manager deployments: - label: @@ -343,20 +331,6 @@ spec: spec: containers: - args: - - --secure-listen-address=0.0.0.0:8443 - - --upstream=http://127.0.0.1:8080/ - - --logtostderr=true - - --v=10 - image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 - name: kube-rbac-proxy - ports: - - containerPort: 8443 - name: https - protocol: TCP - resources: {} - - args: - - --health-probe-bind-address=:8081 - - --metrics-bind-address=127.0.0.1:8080 - --leader-elect command: - /manager @@ -368,6 +342,9 @@ spec: initialDelaySeconds: 15 periodSeconds: 20 name: manager + ports: + - containerPort: 8080 + name: metrics readinessProbe: httpGet: path: /readyz diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml index dcab6dcba..58a15590e 100644 --- a/config/default/kustomization.yaml +++ b/config/default/kustomization.yaml @@ -28,12 +28,14 @@ patchesStrategicMerge: # Protect the /metrics endpoint by putting it behind auth. # If you want your controller-manager to expose the /metrics # endpoint w/o any authn/z, please comment the following line. -- manager_auth_proxy_patch.yaml +#- manager_auth_proxy_patch.yaml +- manager_metrics_patch.yaml # Mount the controller config file for loading manager configurations # through a ComponentConfig type #- manager_config_patch.yaml + # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in # crd/kustomization.yaml #- manager_webhook_patch.yaml diff --git a/config/default/manager_metrics_patch.yaml b/config/default/manager_metrics_patch.yaml new file mode 100644 index 000000000..82b0c6338 --- /dev/null +++ b/config/default/manager_metrics_patch.yaml @@ -0,0 +1,13 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: controller-manager + namespace: system +spec: + template: + spec: + containers: + - name: manager + ports: + - containerPort: 8080 + name: metrics diff --git a/config/manager/controller_manager_config.yaml b/config/manager/controller_manager_config.yaml index 19e14e6db..ed4ee9f7e 100644 --- a/config/manager/controller_manager_config.yaml +++ b/config/manager/controller_manager_config.yaml @@ -3,7 +3,7 @@ kind: ControllerManagerConfig health: healthProbeBindAddress: :8081 metrics: - bindAddress: 127.0.0.1:8080 + bindAddress: :8080 webhook: port: 9443 leaderElection: diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index b038c371f..9c52fcd99 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml @@ -1,5 +1,6 @@ resources: - manager.yaml +- metrics_service.yaml generatorOptions: disableNameSuffixHash: true diff --git a/config/manager/metrics_service.yaml b/config/manager/metrics_service.yaml new file mode 100644 index 000000000..7779d7d88 --- /dev/null +++ b/config/manager/metrics_service.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: v1 +kind: Service +metadata: + labels: + control-plane: controller-manager + name: controller-manager-metrics-service + namespace: system +spec: + ports: + - name: metrics + port: 8080 + targetPort: metrics + selector: + control-plane: controller-manager diff --git a/config/prometheus/monitor.yaml b/config/prometheus/monitor.yaml index d19136ae7..b66d00e6e 100644 --- a/config/prometheus/monitor.yaml +++ b/config/prometheus/monitor.yaml @@ -10,11 +10,8 @@ metadata: spec: endpoints: - path: /metrics - port: https - scheme: https - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token - tlsConfig: - insecureSkipVerify: true + port: metrics + scheme: http selector: matchLabels: control-plane: controller-manager diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml index 731832a6a..fb5a2b881 100644 --- a/config/rbac/kustomization.yaml +++ b/config/rbac/kustomization.yaml @@ -12,7 +12,7 @@ resources: # Comment the following 4 lines if you want to disable # the auth proxy (https://github.com/brancz/kube-rbac-proxy) # which protects your /metrics endpoint. -- auth_proxy_service.yaml -- auth_proxy_role.yaml -- auth_proxy_role_binding.yaml -- auth_proxy_client_clusterrole.yaml +# - auth_proxy_service.yaml +# - auth_proxy_role.yaml +# - auth_proxy_role_binding.yaml +# - auth_proxy_client_clusterrole.yaml