Skip to content

Adding a flag to control whether auth is added to the EPP metrics server #1639

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 7 commits into
base: main
Choose a base branch
from
Open

Adding a flag to control whether auth is added to the EPP metrics server #1639

wants to merge 7 commits into from
+46 −30

Conversation

Frapschen
Copy link
Contributor

@Frapschen Frapschen commented Sep 23, 2025
edited
Loading

What type of PR is this?
/kind feature

What this PR does / why we need it:

Add a --metrics-endpoint-auth flag to control whether to add auth to the EPP metrics server

Which issue(s) this PR fixes:

Fixes #1637

Does this PR introduce a user-facing change?:

Add a `--metrics-endpoint-auth=false` flag to control whether to add auth to the EPP metrics server

Add --metrics-endpoint-auth=false to your command line when you need to disable the auth of EPP metrics server in local dev.

@k8s-ci-robot k8s-ci-robot added the kind/feature Categorizes issue or PR as related to a new feature. label Sep 23, 2025
@netlify Netlify
Copy link

netlify bot commented Sep 23, 2025
edited
Loading

Deploy Preview for gateway-api-inference-extension ready!

Name Link
🔨 Latest commit 3a3cf79
🔍 Latest deploy log https://app.netlify.com/projects/gateway-api-inference-extension/deploys/68db5315468a51000839450d
😎 Deploy Preview https://deploy-preview-1639--gateway-api-inference-extension.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Sep 23, 2025
@k8s-ci-robot k8s-ci-robot added the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label Sep 23, 2025
@k8s-ci-robot
Copy link
Contributor

Hi @Frapschen. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-ci-robot k8s-ci-robot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Sep 23, 2025
@liu-cong
Copy link
Contributor

/ok-to-test

@k8s-ci-robot k8s-ci-robot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Sep 23, 2025
liu-cong
liu-cong reviewed Sep 23, 2025
View reviewed changes
@k8s-ci-robot k8s-ci-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Sep 23, 2025
@liu-cong
Copy link
Contributor

/lgtm

cc @ahg-g @JeffLuoo This is a nice to have IMO

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Sep 23, 2025
@JeffLuoo
Copy link
Contributor

/lgtm

As long as we keep the flag default to on, I think should be good.

ahg-g
ahg-g reviewed Sep 23, 2025
View reviewed changes
ahg-g
ahg-g reviewed Sep 23, 2025
View reviewed changes
@nirrozenbaum
Copy link
Contributor

nirrozenbaum commented Sep 23, 2025
edited
Loading

if metrics is not checking auth can we add a conditional to helm not to install the cluster role?
this may help in quick setup when people have admin permission only for a namespace

@Frapschen
Copy link
Contributor Author

@JeffLuoo Any reason we use PodMonitor in gke.yaml and use ServiceMonitor in epp-servicemonitor.yaml

@k8s-ci-robot k8s-ci-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Sep 24, 2025
@k8s-ci-robot
Copy link
Contributor

New changes are detected. LGTM label has been removed.

@Frapschen
Copy link
Contributor Author

@nirrozenbaum I have updated the chart template and applied some enhancements.

@JeffLuoo
Copy link
Contributor

@JeffLuoo Any reason we use PodMonitor in gke.yaml and use ServiceMonitor in epp-servicemonitor.yaml

ServiceMonitor is from native Prometheus Operator. PodMonitor is the CRD from Google Managed Prometheus and GKE deploys the Google Managed Prometheus by default in the cluster.

@nirrozenbaum
Copy link
Contributor

@JeffLuoo Any reason we use PodMonitor in gke.yaml and use ServiceMonitor in epp-servicemonitor.yaml

ServiceMonitor is from native Prometheus Operator. PodMonitor is the CRD from Google Managed Prometheus and GKE deploys the Google Managed Prometheus by default in the cluster.

I think gke PodMonitor was added before the ServiceMonitor. do we really need both?

@JeffLuoo
Copy link
Contributor

@JeffLuoo Any reason we use PodMonitor in gke.yaml and use ServiceMonitor in epp-servicemonitor.yaml

ServiceMonitor is from native Prometheus Operator. PodMonitor is the CRD from Google Managed Prometheus and GKE deploys the Google Managed Prometheus by default in the cluster.

I think gke PodMonitor was added before the ServiceMonitor. do we really need both?

Yes. we still need both as PodMonitor is mostly used by GKE unless other cloud provider of Kubernetes want to use Google Managed Prometheus (which I don't see it as the case for now). So other provider will use ServiceMonitor from Prometheus-Operator.

@Frapschen Frapschen mentioned this pull request Sep 25, 2025
Closed
11 tasks
JeffLuoo
JeffLuoo reviewed Sep 29, 2025
View reviewed changes
@Frapschen Frapschen force-pushed the add-model-server-metrics-auth-flag branch from fd3c898 to 4c67c4f Compare September 29, 2025 14:27
@Frapschen Frapschen requested a review from JeffLuoo September 29, 2025 14:29
JeffLuoo
JeffLuoo reviewed Sep 29, 2025
View reviewed changes
@Frapschen Frapschen requested a review from JeffLuoo September 30, 2025 01:53
@Frapschen Frapschen force-pushed the add-model-server-metrics-auth-flag branch from 520b679 to 3a3cf79 Compare September 30, 2025 03:48
@Frapschen Frapschen requested a review from ahg-g September 30, 2025 03:48
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: Frapschen, JeffLuoo
Once this PR has been reviewed and has the lgtm label, please assign danehans for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@elevran elevran Awaiting requested review from elevran

@liu-cong liu-cong Awaiting requested review from liu-cong

@ahg-g ahg-g Awaiting requested review from ahg-g

1 more reviewer

@JeffLuoo JeffLuoo JeffLuoo approved these changes

Reviewers whose approvals may not affect merge requirements
Assignees

@liu-cong liu-cong

@JeffLuoo JeffLuoo

Labels
cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/feature Categorizes issue or PR as related to a new feature. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Adding a flag to control whether auth is added to the EPP metrics server
6 participants
@Frapschen @k8s-ci-robot @liu-cong @JeffLuoo @nirrozenbaum @ahg-g