Merge pull request #682 from jpeeler/metrics-add-servicemonitor

fix(metrics): add service monitor config

Author: openshift-merge-robot

cmd/catalog/main.go

@@ -53,6 +53,12 @@ var (
 		"debug", false, "use debug log level")
 
 	version = flag.Bool("version", false, "displays olm version")
+
+	tlsKeyPath = flag.String(
+		"tls-key", "", "Path to use for private key (requires tls-cert)")
+
+	tlsCertPath = flag.String(
+		"tls-cert", "", "Path to use for certificate key (requires tls-key)")
 )
 
 func init() {
@@ -83,17 +89,33 @@ func main() {
 		}
 	}
 
+	logger := log.New()
+	if *debug {
+		logger.SetLevel(log.DebugLevel)
+	}
+	logger.Infof("log level %s", logger.Level)
+
+	var useTLS bool
+	if *tlsCertPath != "" && *tlsKeyPath == "" || *tlsCertPath == "" && *tlsKeyPath != "" {
+		logger.Warn("both --tls-key and --tls-crt must be provided for TLS to be enabled, falling back to non-https")
+	} else if *tlsCertPath == "" && *tlsKeyPath == "" {
+		logger.Info("TLS keys not set, using non-https")
+	} else {
+		useTLS = true
+	}
+
 	// Serve a health check.
 	http.HandleFunc("/healthz", func(w http.ResponseWriter, r *http.Request) {
 		w.WriteHeader(http.StatusOK)
 	})
 	go http.ListenAndServe(":8080", nil)
 
-	logger := log.New()
-	if *debug {
-		logger.SetLevel(log.DebugLevel)
+	http.Handle("/metrics", promhttp.Handler())
+	if useTLS {
+		go http.ListenAndServeTLS(":8081", *tlsCertPath, *tlsKeyPath, nil)
+	} else {
+		go http.ListenAndServe(":8081", nil)
 	}
-	logger.Infof("log level %s", logger.Level)
 
 	// create a config client for operator status
 	config, err := clientcmd.BuildConfigFromFlags("", *kubeConfigPath)
@@ -112,9 +134,6 @@ func main() {
 		log.Panicf("error configuring operator: %s", err.Error())
 	}
 
-	http.Handle("/metrics", promhttp.Handler())
-	go http.ListenAndServe(":8081", nil)
-
 	ready, done, sync := catalogOperator.Run(stopCh)
 	<-ready
 

cmd/olm/main.go

@@ -49,6 +49,12 @@ var (
 		"debug", false, "use debug log level")
 
 	version = flag.Bool("version", false, "displays olm version")
+
+	tlsKeyPath = flag.String(
+		"tls-key", "", "Path to use for private key (requires tls-cert)")
+
+	tlsCertPath = flag.String(
+		"tls-cert", "", "Path to use for certificate key (requires tls-key)")
 )
 
 func init() {
@@ -113,14 +119,27 @@ func main() {
 		log.Fatalf("error configuring operator: %s", err.Error())
 	}
 
+	var useTLS bool
+	if *tlsCertPath != "" && *tlsKeyPath == "" || *tlsCertPath == "" && *tlsKeyPath != "" {
+		logger.Warn("both --tls-key and --tls-crt must be provided for TLS to be enabled, falling back to non-https")
+	} else if *tlsCertPath == "" && *tlsKeyPath == "" {
+		logger.Info("TLS keys not set, using non-https")
+	} else {
+		useTLS = true
+	}
+
 	// Serve a health check.
 	http.HandleFunc("/healthz", func(w http.ResponseWriter, r *http.Request) {
 		w.WriteHeader(http.StatusOK)
 	})
 	go http.ListenAndServe(":8080", nil)
 
 	http.Handle("/metrics", promhttp.Handler())
-	go http.ListenAndServe(":8081", nil)
+	if useTLS {
+		go http.ListenAndServeTLS(":8081", *tlsCertPath, *tlsKeyPath, nil)
+	} else {
+		go http.ListenAndServe(":8081", nil)
+	}
 
 	ready, done, sync := operator.Run(stopCh)
 	<-ready

deploy/chart/templates/0000_50_olm_00-namespace.yaml

@@ -2,12 +2,17 @@ apiVersion: v1
 kind: Namespace
 metadata:
   name: {{ .Values.namespace }}
+  {{ if and .Values.installType (eq .Values.installType "ocp") }}
   labels:
     openshift.io/run-level: "1"
+    openshift.io/cluster-monitoring: "true"
+  {{ end }}
 ---
 apiVersion: v1
 kind: Namespace
 metadata:
   name: {{ .Values.operator_namespace }}
+  {{ if and .Values.installType (eq .Values.installType "ocp") }}
   labels:
     openshift.io/run-level: "1"
+  {{ end }}

deploy/chart/templates/0000_50_olm_02-services.yaml

@@ -0,0 +1,39 @@
+{{ if and .Values.installType (eq .Values.installType "ocp") }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: olm-operator-metrics
+  namespace: {{ .Values.namespace }}
+  annotations:
+    service.alpha.openshift.io/serving-cert-secret-name: olm-operator-serving-cert
+  labels:
+    app: olm-operator
+spec:
+  type: ClusterIP
+  ports:
+  - name: https-metrics
+    port: 8081
+    protocol: TCP
+    targetPort: metrics
+  selector:
+    app: olm-operator
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: catalog-operator-metrics
+  namespace: {{ .Values.namespace }}
+  annotations:
+    service.alpha.openshift.io/serving-cert-secret-name: catalog-operator-serving-cert
+  labels:
+    app: catalog-operator
+spec:
+  type: ClusterIP
+  ports:
+  - name: https-metrics
+    port: 8081
+    protocol: TCP
+    targetPort: metrics
+  selector:
+    app: catalog-operator
+{{ end }}

deploy/chart/templates/0000_50_olm_02-clusterserviceversion.crd.yaml renamed to deploy/chart/templates/0000_50_olm_03-clusterserviceversion.crd.yaml

@@ -37,10 +37,21 @@ spec:
           - -writeStatusName
           - {{ .Values.writeStatusName }}
           {{- end }}
+          {{- if .Values.olm.tlsCertPath }}
+          - -tls-cert
+          - {{ .Values.olm.tlsCertPath }}
+          {{- end }}
+          {{- if .Values.olm.tlsKeyPath }}
+          - -tls-key
+          - {{ .Values.olm.tlsKeyPath }}
+          {{- end }}
           image: {{ .Values.olm.image.ref }}
           imagePullPolicy: {{ .Values.olm.image.pullPolicy }}
           ports:
             - containerPort: {{ .Values.olm.service.internalPort }}
+            - containerPort: 8081
+              name: metrics
+              protocol: TCP
           livenessProbe:
             httpGet:
               path: /healthz
@@ -64,6 +75,18 @@ spec:
           resources:
 {{ toYaml .Values.olm.resources | indent 12 }}
           {{- end}}
+          {{ if and .Values.installType (eq .Values.installType "ocp") }}
+          volumeMounts:
+          - mountPath: /var/run/secrets/serving-cert
+            name: serving-cert
+          {{ end }}
+      {{ if and .Values.installType (eq .Values.installType "ocp") }}
+      volumes:
+      - name: serving-cert
+        secret:
+          secretName: olm-operator-serving-cert
+          optional: true
+      {{ end }}
     {{- if .Values.olm.nodeSelector }}
       nodeSelector:
 {{ toYaml .Values.olm.nodeSelector | indent 8 }}

deploy/chart/templates/0000_50_olm_03-installplan.crd.yaml renamed to deploy/chart/templates/0000_50_olm_04-installplan.crd.yaml

@@ -39,10 +39,21 @@ spec:
           - -writeStatusName
           - {{ .Values.writeStatusNameCatalog }}
           {{- end }}
+          {{- if .Values.olm.tlsCertPath }}
+          - -tls-cert
+          - {{ .Values.olm.tlsCertPath }}
+          {{- end }}
+          {{- if .Values.olm.tlsKeyPath }}
+          - -tls-key
+          - {{ .Values.olm.tlsKeyPath }}
+          {{- end }}
           image: {{ .Values.catalog.image.ref }}
           imagePullPolicy: {{ .Values.catalog.image.pullPolicy }}
           ports:
             - containerPort: {{ .Values.catalog.service.internalPort }}
+            - containerPort: 8081
+              name: metrics
+              protocol: TCP
           livenessProbe:
             httpGet:
               path: /healthz
@@ -55,6 +66,18 @@ spec:
           resources:
 {{ toYaml .Values.catalog.resources | indent 12 }}
           {{- end}}
+          {{ if and .Values.installType (eq .Values.installType "ocp") }}
+          volumeMounts:
+          - mountPath: /var/run/secrets/serving-cert
+            name: serving-cert
+          {{ end }}
+      {{ if and .Values.installType (eq .Values.installType "ocp") }}
+      volumes:
+      - name: serving-cert
+        secret:
+          secretName: catalog-operator-serving-cert
+          optional: true
+      {{ end }}
     {{- if .Values.catalog.nodeSelector }}
       nodeSelector:
 {{ toYaml .Values.catalog.nodeSelector | indent 8 }}