mirrors/sidero
1
0
Fork 0
mirror of https://github.com/siderolabs/sidero.git synced 2025-09-24 23:31:22 +02:00
Code Issues Packages Projects Releases Wiki Activity

chore: add v0.6.x to metadata, fix metrics service

Browse Source 
Part of #1070

Signed-off-by: Gerard de Leeuw <gdeleeuw@leeuwit.nl>
Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
This commit is contained in:
Gerard de Leeuw 2022-09-06 09:50:14 +02:00 committed by Andrey Smirnov
parent e433504087
commit ef65ff05a9
No known key found for this signature in database
GPG Key ID: 7B26396447AB6DFD
10 changed files with 63 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
app/caps-controller-manager/config/default/kustomization.yaml
View File

@ -14,6 +14,7 @@ bases:
- ../manager - ../manager
patchesStrategicMerge: patchesStrategicMerge:
- manager_auth_proxy_patch.yaml
- manager_webhook_patch.yaml - manager_webhook_patch.yaml
- webhookcainjection_patch.yaml - webhookcainjection_patch.yaml

21
app/caps-controller-manager/config/default/manager_auth_proxy_patch.yaml Normal file
View File

@ -0,0 +1,21 @@
# This patch inject a sidecar container which is an HTTP proxy for the controller manager,
# it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews.
apiVersion: apps/v1
kind: Deployment
metadata:
name: controller-manager
namespace: system
spec:
template:
spec:
containers:
- name: kube-rbac-proxy
image: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.1
args:
- "--secure-listen-address=0.0.0.0:8443"
- "--upstream=http://127.0.0.1:8080/"
- "--logtostderr=true"
- "--v=10"
ports:
- containerPort: 8443
name: https

1
app/caps-controller-manager/config/prometheus/monitor.yaml
View File

@ -1,4 +1,3 @@
# Prometheus Monitor Service (Metrics) # Prometheus Monitor Service (Metrics)
apiVersion: monitoring.coreos.com/v1 apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor kind: ServiceMonitor

6
app/caps-controller-manager/config/rbac/kustomization.yaml
View File

@ -6,6 +6,6 @@ resources:
# Comment the following 3 lines if you want to disable # Comment the following 3 lines if you want to disable
# the auth proxy (https://github.com/brancz/kube-rbac-proxy) # the auth proxy (https://github.com/brancz/kube-rbac-proxy)
# which protects your /metrics endpoint. # which protects your /metrics endpoint.
# - auth_proxy_service.yaml - auth_proxy_service.yaml
# - auth_proxy_role.yaml - auth_proxy_role.yaml
# - auth_proxy_role_binding.yaml - auth_proxy_role_binding.yaml

4
app/sidero-controller-manager/config/kustomization.yaml
View File

@ -16,13 +16,13 @@ patchesStrategicMerge:
# Protect the /metrics endpoint by putting it behind auth. # Protect the /metrics endpoint by putting it behind auth.
# Only one of manager_auth_proxy_patch.yaml and # Only one of manager_auth_proxy_patch.yaml and
# manager_prometheus_metrics_patch.yaml should be enabled. # manager_prometheus_metrics_patch.yaml should be enabled.
#- manager_auth_proxy_patch.yaml - manager_auth_proxy_patch.yaml
# If you want your controller-manager to expose the /metrics # If you want your controller-manager to expose the /metrics
# endpoint w/o any authn/z, uncomment the following line and # endpoint w/o any authn/z, uncomment the following line and
# comment manager_auth_proxy_patch.yaml. # comment manager_auth_proxy_patch.yaml.
# Only one of manager_auth_proxy_patch.yaml and # Only one of manager_auth_proxy_patch.yaml and
# manager_prometheus_metrics_patch.yaml should be enabled. # manager_prometheus_metrics_patch.yaml should be enabled.
#- manager_prometheus_metrics_patch.yaml #- manager_prometheus_metrics_patch.yaml
- manager_webhook_patch.yaml - manager_webhook_patch.yaml
- webhookcainjection_patch.yaml - webhookcainjection_patch.yaml
vars: vars:

21
app/sidero-controller-manager/config/manager_auth_proxy_patch.yaml Normal file
View File

@ -0,0 +1,21 @@
# This patch inject a sidecar container which is an HTTP proxy for the controller manager,
# it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews.
apiVersion: apps/v1
kind: Deployment
metadata:
name: controller-manager
namespace: system
spec:
template:
spec:
containers:
- name: kube-rbac-proxy
image: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.1
args:
- "--secure-listen-address=0.0.0.0:8443"
- "--upstream=http://127.0.0.1:8080/"
- "--logtostderr=true"
- "--v=10"
ports:
- containerPort: 8443
name: https

4
app/sidero-controller-manager/config/prometheus/monitor.yaml
View File

@ -3,7 +3,7 @@ apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor kind: ServiceMonitor
metadata: metadata:
labels: labels:
control-plane: caps-controller-manager control-plane: sidero-controller-manager
name: metrics-monitor name: metrics-monitor
namespace: system namespace: system
spec: spec:
@ -11,4 +11,4 @@ spec:
- path: /metrics - path: /metrics
port: https port: https
selector: selector:
control-plane: caps-controller-manager control-plane: sidero-controller-manager

4
app/sidero-controller-manager/config/rbac/auth_proxy_service.yaml
View File

@ -2,7 +2,7 @@ apiVersion: v1
kind: Service kind: Service
metadata: metadata:
labels: labels:
control-plane: caps-controller-manager control-plane: sidero-controller-manager
name: controller-manager-metrics-service name: controller-manager-metrics-service
namespace: system namespace: system
spec: spec:
@ -11,4 +11,4 @@ spec:
port: 8443 port: 8443
targetPort: https targetPort: https
selector: selector:
control-plane: caps-controller-manager control-plane: sidero-controller-manager

3
config/metadata/metadata.yaml
View File

@ -16,3 +16,6 @@ releaseSeries:
- major: 0 - major: 0
minor: 5 minor: 5
contract: v1beta1 contract: v1beta1
- major: 0
minor: 6
contract: v1beta1