chore(RHTAPWATCH-568): Add authentication to Service and ServiceMonitor

Signed-off-by: Kousalya Lakshmanan <[email protected]>
redhat-appstudio · Jan 30, 2024 · c003e1e · c003e1e
1 parent 5c8e7b4
commit c003e1e
Show file tree

Hide file tree

Showing 3 changed files with 68 additions and 24 deletions.
diff --git a/config/exporters/monitoring/grafana/base/prometheus-exporter-service-monitor.yaml b/config/exporters/monitoring/grafana/base/prometheus-exporter-service-monitor.yaml
@@ -0,0 +1,56 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: availability-exporter-sa
+  namespace: appstudio-grafana-datasource-exporter
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: availability-exporter-sa
+  namespace: appstudio-grafana-datasource-exporter
+  annotations:
+    kubernetes.io/service-account.name: availability-exporter-sa
+type: kubernetes.io/service-account-token
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: availability-exporter-cluster-role
+rules:
+- nonResourceURLs:
+  - /metrics
+  verbs:
+  - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: availability-exporter-cluster-role-binding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: availability-exporter-cluster-role
+subjects:
+- kind: ServiceAccount
+  name: availability-exporter-sa
+  namespace: appstudio-grafana-datasource-exporter
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: availability-metrics-reader
+  namespace: appstudio-grafana-datasource-exporter
+spec:
+  endpoints:
+  - path: /metrics
+    port: https
+    scheme: https
+    bearerTokenSecret:
+      name: "availability-exporter-sa"
+      key: token
+    tlsConfig:
+      insecureSkipVerify: true
+  selector:
+    matchLabels:
+      app: grafana-datasource-exporter
diff --git a/config/exporters/monitoring/grafana/base/prometheus-exporter-service.yaml b/config/exporters/monitoring/grafana/base/prometheus-exporter-service.yaml
@@ -41,9 +41,9 @@ metadata:
     app: grafana-datasource-exporter
 spec:
   ports:
-  - name: http
-    port: 8090
-    targetPort: http
+  - name: https
+    port: 8443
+    targetPort: https
   selector:
     app: grafana-datasource-exporter
 ---
@@ -65,31 +65,18 @@ spec:
       serviceAccountName: exporter-sa
       containers:
       - name: grafana-datasource-exporter
-        image: exporter:latest
+        image: quay.io/redhat-appstudio/o11y-prometheus-exporters:v0.1
         ports:
-        - containerPort: 8090
-          name: http
+        - containerPort: 8443
+          name: https
         resources:
           limits:
             cpu: 100m
-            memory: 100Mi
+            memory: 200Mi
           requests:
             cpu: 100m
-            memory: 10Mi
+            memory: 200Mi
         securityContext:
+          allowPrivilegeEscalation: false
           readOnlyRootFilesystem: true
           runAsNonRoot: true
----
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
-  name: metrics-reader-test
-  namespace: appstudio-grafana-datasource-exporter
-spec:
-  endpoints:
-  - path: /metrics
-    port: http
-    scheme: http
-  selector:
-    matchLabels:
-      app: grafana-datasource-exporter
diff --git a/exporters/dsexporter/dsexporter.go b/exporters/dsexporter/dsexporter.go
@@ -43,13 +43,14 @@ func main() {
 	exporter := NewCustomCollector()
 	reg.MustRegister(exporter)
 
+	fmt.Println("Server is listening on http://localhost:8443/metrics")
+
 	http.Handle("/metrics", promhttp.HandlerFor(
 		reg,
 		promhttp.HandlerOpts{
 			EnableOpenMetrics: true,
 			Registry:          reg,
 		},
 	))
-	fmt.Println("Server is listening on http://localhost:8090/metrics")
-	http.ListenAndServe(":8090", nil)
+	http.ListenAndServe(":8443", nil)
 }