Skip to content

Commit aa41aca

Browse files
FrapschenFrapschen
committed
Adding a flag to control whether auth is added to the EPP metrics server
1 parent cd0d8d2 commit aa41aca

File tree

1 file changed

+10
-2
lines changed

1 file changed

+10
-2
lines changed

cmd/epp/runner/runner.go

Lines changed: 10 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -36,6 +36,7 @@ import (
3636
healthPb "google.golang.org/grpc/health/grpc_health_v1"
3737
"k8s.io/apimachinery/pkg/runtime/schema"
3838
"k8s.io/apimachinery/pkg/types"
39+
"k8s.io/client-go/rest"
3940
ctrl "sigs.k8s.io/controller-runtime"
4041
"sigs.k8s.io/controller-runtime/pkg/log"
4142
"sigs.k8s.io/controller-runtime/pkg/log/zap"
@@ -77,6 +78,7 @@ var (
7778
grpcPort = flag.Int("grpc-port", runserver.DefaultGrpcPort, "The gRPC port used for communicating with Envoy proxy")
7879
grpcHealthPort = flag.Int("grpc-health-port", runserver.DefaultGrpcHealthPort, "The port used for gRPC liveness and readiness probes")
7980
metricsPort = flag.Int("metrics-port", runserver.DefaultMetricsPort, "The metrics port")
81+
metricsAuth = flag.Bool("metrics-auth", true, "Enables secure of EPP metrics endpoint")
8082
enablePprof = flag.Bool("enable-pprof", runserver.DefaultEnablePprof, "Enables pprof handlers. Defaults to true. Set to false to disable pprof handlers.")
8183
poolName = flag.String("pool-name", runserver.DefaultPoolName, "Name of the InferencePool this Endpoint Picker is associated with.")
8284
poolGroup = flag.String("pool-group", runserver.DefaultPoolGroup, "group of the InferencePool this Endpoint Picker is associated with.")
@@ -184,8 +186,14 @@ func (r *Runner) Run(ctx context.Context) error {
184186
// - https://pkg.go.dev/sigs.k8s.io/[email protected]/pkg/metrics/server
185187
// - https://book.kubebuilder.io/reference/metrics.html
186188
metricsServerOptions := metricsserver.Options{
187-
BindAddress: fmt.Sprintf(":%d", *metricsPort),
188-
FilterProvider: filters.WithAuthenticationAndAuthorization,
189+
BindAddress: fmt.Sprintf(":%d", *metricsPort),
190+
FilterProvider: func() func(c *rest.Config, httpClient *http.Client) (metricsserver.Filter, error) {
191+
if *metricsAuth {
192+
return filters.WithAuthenticationAndAuthorization
193+
}
194+
195+
return nil
196+
}(),
189197
}
190198

191199
// Determine pool namespace: if --pool-namespace is non-empty, use it; else NAMESPACE env var; else default

0 commit comments

Comments
 (0)