CNF-11234: Enable RTE metrics to be scraped securely by Prometheus #1035
Commits on Oct 6, 2024
-
Signed-off-by: Ronny Baturov <[email protected]>
-
Ensure that NROP metrics are served securely
This commit consist of the following changes: * Reenabled kube-rbac-proxy sidecar container to securely expose the /metrics endpoint for Prometheus scraping. * Added a secret to enforce HTTPS-only access to the /metrics endpoint, restricted to the Prometheus service account. * modified ServiceMonitor resource to enable Prometheus pods to scrape metrics. * Added an annotation to the deployment Service, which is monitored by the Service CA operator. This operator will generate the tls.key and tls.crt files inside the secret-kube-rbac-proxy-tls secret, which is used by the kube-rbac-proxy container. * Added Role and RoleBinding resources to grant the necessary permissions to the Prometheus service account. Most of this configuration was based on this guide: https://rhobs-handbook.netlify.app/products/openshiftmonitoring/collecting_metrics.md/ Signed-off-by: Ronny Baturov <[email protected]>
-
make generate bundle manifests
Signed-off-by: Ronny Baturov <[email protected]>
-
Enabled RTE metrics server by default
Signed-off-by: Ronny Baturov <[email protected]>
-
Added sidecar to RTE DaemonSet
This allows injecting the kube-rbac-proxy container into the RTE DaemonSet before deployment. Signed-off-by: Ronny Baturov <[email protected]>
-
Enable pulling sidecar image from operator
Added functionality to pull the kube-proxy-sidecar image by default, using the same image as the operator. Signed-off-by: Ronny Baturov <[email protected]>
-
Added RTE metrics package and manifests
We will use the pkg/metrics to generate the needed metrics manifests to be applied by the operator. Signed-off-by: Ronny Baturov <[email protected]>
-
Add rule to operator ClusterRole to manage Service resource
As part of enabling metrics for RTE, a Service resource is created during the deployment of the RTE metrics manifests by the operator. This commit grants the operator pod the necessary permissions to deploy the Service CR. Signed-off-by: Ronny Baturov <[email protected]>
-
* Integrating RTE metrics manifests to be deployed by the operator * This adds unit test for metrics components creation Signed-off-by: Ronny Baturov <[email protected]>
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.