diff --git a/.github/workflows/test-sample-go.yml b/.github/workflows/test-sample-go.yml index debc8f909b..3cc487a34a 100644 --- a/.github/workflows/test-sample-go.yml +++ b/.github/workflows/test-sample-go.yml @@ -24,9 +24,9 @@ jobs: run: | KUSTOMIZATION_FILE_PATH="testdata/project-v4/config/default/kustomization.yaml" sed -i '25s/^#//' $KUSTOMIZATION_FILE_PATH - sed -i '27s/^#//' $KUSTOMIZATION_FILE_PATH - sed -i '42s/^#//' $KUSTOMIZATION_FILE_PATH - sed -i '46,142s/^#//' $KUSTOMIZATION_FILE_PATH + sed -i '32s/^#//' $KUSTOMIZATION_FILE_PATH + sed -i '47s/^#//' $KUSTOMIZATION_FILE_PATH + sed -i '51,147s/^#//' $KUSTOMIZATION_FILE_PATH - name: Test run: | diff --git a/docs/book/src/component-config-tutorial/testdata/project/config/default/kustomization.yaml b/docs/book/src/component-config-tutorial/testdata/project/config/default/kustomization.yaml index a90721e62b..cebb877bd8 100644 --- a/docs/book/src/component-config-tutorial/testdata/project/config/default/kustomization.yaml +++ b/docs/book/src/component-config-tutorial/testdata/project/config/default/kustomization.yaml @@ -25,12 +25,17 @@ resources: #- ../certmanager # [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. #- ../prometheus +# [METRICS] To enable the controller manager metrics service, uncomment the following line. +#- metrics_service.yaml -patches: +# Uncomment the patches line if you enable Metrics, and/or are using webhooks and cert-manager +#patches: # [METRICS] The following patch will enable the metrics endpoint. Ensure that you also protect this endpoint. # More info: https://book.kubebuilder.io/reference/metrics # If you want to expose the metric endpoint of your controller-manager uncomment the following line. #- path: manager_metrics_patch.yaml +# target: +# kind: Deployment # Mount the controller config file for loading manager configurations # through a ComponentConfig type diff --git a/docs/book/src/component-config-tutorial/testdata/project/config/default/manager_metrics_patch.yaml b/docs/book/src/component-config-tutorial/testdata/project/config/default/manager_metrics_patch.yaml index ee197d3f71..6c546ae4ca 100644 --- a/docs/book/src/component-config-tutorial/testdata/project/config/default/manager_metrics_patch.yaml +++ b/docs/book/src/component-config-tutorial/testdata/project/config/default/manager_metrics_patch.yaml @@ -1,13 +1,4 @@ # This patch adds the args to allow exposing the metrics endpoint securely -apiVersion: apps/v1 -kind: Deployment -metadata: - name: controller-manager - namespace: system -spec: - template: - spec: - containers: - - name: manager - args: - - "--metrics-bind-address=0.0.0.0:8080" +- op: add + path: /spec/template/spec/containers/0/args/0 + value: --metrics-bind-address=:8080 diff --git a/docs/book/src/component-config-tutorial/testdata/project/config/rbac/metrics_service.yaml b/docs/book/src/component-config-tutorial/testdata/project/config/default/metrics_service.yaml similarity index 100% rename from docs/book/src/component-config-tutorial/testdata/project/config/rbac/metrics_service.yaml rename to docs/book/src/component-config-tutorial/testdata/project/config/default/metrics_service.yaml diff --git a/docs/book/src/component-config-tutorial/testdata/project/config/rbac/kustomization.yaml b/docs/book/src/component-config-tutorial/testdata/project/config/rbac/kustomization.yaml index 20b2e1d12a..dbe85fff6f 100644 --- a/docs/book/src/component-config-tutorial/testdata/project/config/rbac/kustomization.yaml +++ b/docs/book/src/component-config-tutorial/testdata/project/config/rbac/kustomization.yaml @@ -9,7 +9,6 @@ resources: - role_binding.yaml - leader_election_role.yaml - leader_election_role_binding.yaml -- metrics_service.yaml # For each CRD, "Editor" and "Viewer" roles are scaffolded by # default, aiding admins in cluster management. Those roles are # not used by the Project itself. You can comment the following lines diff --git a/docs/book/src/cronjob-tutorial/testdata/project/cmd/main.go b/docs/book/src/cronjob-tutorial/testdata/project/cmd/main.go index 4e18997c49..4791601209 100644 --- a/docs/book/src/cronjob-tutorial/testdata/project/cmd/main.go +++ b/docs/book/src/cronjob-tutorial/testdata/project/cmd/main.go @@ -76,7 +76,8 @@ func main() { var probeAddr string var secureMetrics bool var enableHTTP2 bool - flag.StringVar(&metricsAddr, "metrics-bind-address", ":8080", "The address the metric endpoint binds to.") + flag.StringVar(&metricsAddr, "metrics-bind-address", "0", "The address the metric endpoint binds to. "+ + "Use the port :8080. If not set, it will be '0 in order to disable the metrics server") flag.StringVar(&probeAddr, "health-probe-bind-address", ":8081", "The address the probe endpoint binds to.") flag.BoolVar(&enableLeaderElection, "leader-elect", false, "Enable leader election for controller manager. "+ diff --git a/docs/book/src/cronjob-tutorial/testdata/project/config/default/kustomization.yaml b/docs/book/src/cronjob-tutorial/testdata/project/config/default/kustomization.yaml index 9cd07c6181..c70440ce66 100644 --- a/docs/book/src/cronjob-tutorial/testdata/project/config/default/kustomization.yaml +++ b/docs/book/src/cronjob-tutorial/testdata/project/config/default/kustomization.yaml @@ -25,12 +25,17 @@ resources: - ../certmanager # [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. - ../prometheus +# [METRICS] To enable the controller manager metrics service, uncomment the following line. +#- metrics_service.yaml +# Uncomment the patches line if you enable Metrics, and/or are using webhooks and cert-manager patches: # [METRICS] The following patch will enable the metrics endpoint. Ensure that you also protect this endpoint. # More info: https://book.kubebuilder.io/reference/metrics # If you want to expose the metric endpoint of your controller-manager uncomment the following line. #- path: manager_metrics_patch.yaml +# target: +# kind: Deployment # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in # crd/kustomization.yaml diff --git a/docs/book/src/cronjob-tutorial/testdata/project/config/default/manager_metrics_patch.yaml b/docs/book/src/cronjob-tutorial/testdata/project/config/default/manager_metrics_patch.yaml index ee197d3f71..6c546ae4ca 100644 --- a/docs/book/src/cronjob-tutorial/testdata/project/config/default/manager_metrics_patch.yaml +++ b/docs/book/src/cronjob-tutorial/testdata/project/config/default/manager_metrics_patch.yaml @@ -1,13 +1,4 @@ # This patch adds the args to allow exposing the metrics endpoint securely -apiVersion: apps/v1 -kind: Deployment -metadata: - name: controller-manager - namespace: system -spec: - template: - spec: - containers: - - name: manager - args: - - "--metrics-bind-address=0.0.0.0:8080" +- op: add + path: /spec/template/spec/containers/0/args/0 + value: --metrics-bind-address=:8080 diff --git a/docs/book/src/cronjob-tutorial/testdata/project/config/rbac/metrics_service.yaml b/docs/book/src/cronjob-tutorial/testdata/project/config/default/metrics_service.yaml similarity index 100% rename from docs/book/src/cronjob-tutorial/testdata/project/config/rbac/metrics_service.yaml rename to docs/book/src/cronjob-tutorial/testdata/project/config/default/metrics_service.yaml diff --git a/docs/book/src/cronjob-tutorial/testdata/project/config/manager/manager.yaml b/docs/book/src/cronjob-tutorial/testdata/project/config/manager/manager.yaml index c51cb2471d..1bb9d5a648 100644 --- a/docs/book/src/cronjob-tutorial/testdata/project/config/manager/manager.yaml +++ b/docs/book/src/cronjob-tutorial/testdata/project/config/manager/manager.yaml @@ -63,7 +63,6 @@ spec: args: - --leader-elect - --health-probe-bind-address=:8081 - - --metrics-bind-address=0 image: controller:latest name: manager securityContext: diff --git a/docs/book/src/cronjob-tutorial/testdata/project/config/rbac/kustomization.yaml b/docs/book/src/cronjob-tutorial/testdata/project/config/rbac/kustomization.yaml index 09d2ee4d60..46cb71e7bf 100644 --- a/docs/book/src/cronjob-tutorial/testdata/project/config/rbac/kustomization.yaml +++ b/docs/book/src/cronjob-tutorial/testdata/project/config/rbac/kustomization.yaml @@ -9,7 +9,6 @@ resources: - role_binding.yaml - leader_election_role.yaml - leader_election_role_binding.yaml -- metrics_service.yaml # For each CRD, "Editor" and "Viewer" roles are scaffolded by # default, aiding admins in cluster management. Those roles are # not used by the Project itself. You can comment the following lines diff --git a/docs/book/src/getting-started/testdata/project/cmd/main.go b/docs/book/src/getting-started/testdata/project/cmd/main.go index 107c513776..4080fea876 100644 --- a/docs/book/src/getting-started/testdata/project/cmd/main.go +++ b/docs/book/src/getting-started/testdata/project/cmd/main.go @@ -57,7 +57,8 @@ func main() { var probeAddr string var secureMetrics bool var enableHTTP2 bool - flag.StringVar(&metricsAddr, "metrics-bind-address", ":8080", "The address the metric endpoint binds to.") + flag.StringVar(&metricsAddr, "metrics-bind-address", "0", "The address the metric endpoint binds to. "+ + "Use the port :8080. If not set, it will be '0 in order to disable the metrics server") flag.StringVar(&probeAddr, "health-probe-bind-address", ":8081", "The address the probe endpoint binds to.") flag.BoolVar(&enableLeaderElection, "leader-elect", false, "Enable leader election for controller manager. "+ diff --git a/docs/book/src/getting-started/testdata/project/config/default/kustomization.yaml b/docs/book/src/getting-started/testdata/project/config/default/kustomization.yaml index 3e7e6da453..7042e87ebd 100644 --- a/docs/book/src/getting-started/testdata/project/config/default/kustomization.yaml +++ b/docs/book/src/getting-started/testdata/project/config/default/kustomization.yaml @@ -25,12 +25,17 @@ resources: #- ../certmanager # [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. #- ../prometheus +# [METRICS] To enable the controller manager metrics service, uncomment the following line. +#- metrics_service.yaml -patches: +# Uncomment the patches line if you enable Metrics, and/or are using webhooks and cert-manager +#patches: # [METRICS] The following patch will enable the metrics endpoint. Ensure that you also protect this endpoint. # More info: https://book.kubebuilder.io/reference/metrics # If you want to expose the metric endpoint of your controller-manager uncomment the following line. #- path: manager_metrics_patch.yaml +# target: +# kind: Deployment # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in # crd/kustomization.yaml diff --git a/docs/book/src/getting-started/testdata/project/config/default/manager_metrics_patch.yaml b/docs/book/src/getting-started/testdata/project/config/default/manager_metrics_patch.yaml index ee197d3f71..6c546ae4ca 100644 --- a/docs/book/src/getting-started/testdata/project/config/default/manager_metrics_patch.yaml +++ b/docs/book/src/getting-started/testdata/project/config/default/manager_metrics_patch.yaml @@ -1,13 +1,4 @@ # This patch adds the args to allow exposing the metrics endpoint securely -apiVersion: apps/v1 -kind: Deployment -metadata: - name: controller-manager - namespace: system -spec: - template: - spec: - containers: - - name: manager - args: - - "--metrics-bind-address=0.0.0.0:8080" +- op: add + path: /spec/template/spec/containers/0/args/0 + value: --metrics-bind-address=:8080 diff --git a/docs/book/src/getting-started/testdata/project/config/rbac/metrics_service.yaml b/docs/book/src/getting-started/testdata/project/config/default/metrics_service.yaml similarity index 100% rename from docs/book/src/getting-started/testdata/project/config/rbac/metrics_service.yaml rename to docs/book/src/getting-started/testdata/project/config/default/metrics_service.yaml diff --git a/docs/book/src/getting-started/testdata/project/config/manager/manager.yaml b/docs/book/src/getting-started/testdata/project/config/manager/manager.yaml index 602974cc5f..6f7b81dd6e 100644 --- a/docs/book/src/getting-started/testdata/project/config/manager/manager.yaml +++ b/docs/book/src/getting-started/testdata/project/config/manager/manager.yaml @@ -63,7 +63,6 @@ spec: args: - --leader-elect - --health-probe-bind-address=:8081 - - --metrics-bind-address=0 image: controller:latest name: manager env: diff --git a/docs/book/src/getting-started/testdata/project/config/rbac/kustomization.yaml b/docs/book/src/getting-started/testdata/project/config/rbac/kustomization.yaml index a8f1075285..75c7d0c2b4 100644 --- a/docs/book/src/getting-started/testdata/project/config/rbac/kustomization.yaml +++ b/docs/book/src/getting-started/testdata/project/config/rbac/kustomization.yaml @@ -9,7 +9,6 @@ resources: - role_binding.yaml - leader_election_role.yaml - leader_election_role_binding.yaml -- metrics_service.yaml # For each CRD, "Editor" and "Viewer" roles are scaffolded by # default, aiding admins in cluster management. Those roles are # not used by the Project itself. You can comment the following lines diff --git a/docs/book/src/reference/metrics.md b/docs/book/src/reference/metrics.md index f6d949990c..b9a68547dd 100644 --- a/docs/book/src/reference/metrics.md +++ b/docs/book/src/reference/metrics.md @@ -45,10 +45,18 @@ Further information can be found bellow in this document. First, you will need enable the Metrics by uncommenting the following line in the file `config/default/kustomization.yaml`, see: -```sh -# [Metrics] The following patch will enable the metrics endpoint. -# Ensure that you also protect this endpoint. +```yaml +# [METRICS] To enable the controller manager metrics service, uncomment the following line. +#- metrics_service.yaml +``` + +```yaml +# [METRICS] The following patch will enable the metrics endpoint. Ensure that you also protect this endpoint. +# More info: https://book.kubebuilder.io/reference/metrics +# If you want to expose the metric endpoint of your controller-manager uncomment the following line. #- path: manager_metrics_patch.yaml +# target: +# kind: Deployment ``` Note that projects are scaffolded by default passing the flag `--metrics-bind-address=0` @@ -76,7 +84,7 @@ Integrating `cert-manager` with your metrics service can secure the endpoint via To modify your project setup to expose metrics using HTTPS with the help of cert-manager, you'll need to change the configuration of both -the `Service` under `config/rbac/metrics_service.yaml` and +the `Service` under `config/default/metrics_service.yaml` and the `ServiceMonitor` under `config/prometheus/monitor.yaml` to use a secure HTTPS port and ensure the necessary certificate is applied. diff --git a/pkg/plugins/common/kustomize/v2/scaffolds/init.go b/pkg/plugins/common/kustomize/v2/scaffolds/init.go index cc034727e1..61980a5b62 100644 --- a/pkg/plugins/common/kustomize/v2/scaffolds/init.go +++ b/pkg/plugins/common/kustomize/v2/scaffolds/init.go @@ -64,7 +64,7 @@ func (s *initScaffolder) Scaffold() error { templates := []machinery.Builder{ &rbac.Kustomization{}, - &rbac.MetricsService{}, + &kdefault.MetricsService{}, &rbac.RoleBinding{}, // We need to create a Role because if the project // has not CRD define the controller-gen will not generate this file diff --git a/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/kdefault/kustomization.go b/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/kdefault/kustomization.go index c676a35701..e3211b3f4d 100644 --- a/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/kdefault/kustomization.go +++ b/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/kdefault/kustomization.go @@ -71,12 +71,17 @@ resources: #- ../certmanager # [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. #- ../prometheus +# [METRICS] To enable the controller manager metrics service, uncomment the following line. +#- metrics_service.yaml -patches: +# Uncomment the patches line if you enable Metrics, and/or are using webhooks and cert-manager +#patches: # [METRICS] The following patch will enable the metrics endpoint. Ensure that you also protect this endpoint. # More info: https://book.kubebuilder.io/reference/metrics # If you want to expose the metric endpoint of your controller-manager uncomment the following line. #- path: manager_metrics_patch.yaml +# target: +# kind: Deployment {{ if .ComponentConfig -}} # Mount the controller config file for loading manager configurations diff --git a/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/kdefault/enable_matrics_patch.go b/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/kdefault/manager_metrics_patch.go similarity index 85% rename from pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/kdefault/enable_matrics_patch.go rename to pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/kdefault/manager_metrics_patch.go index d403c55776..8513a151dd 100644 --- a/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/kdefault/enable_matrics_patch.go +++ b/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/kdefault/manager_metrics_patch.go @@ -44,16 +44,7 @@ func (f *ManagerMetricsPatch) SetTemplateDefaults() error { } const kustomizeMetricsPatchTemplate = `# This patch adds the args to allow exposing the metrics endpoint securely -apiVersion: apps/v1 -kind: Deployment -metadata: - name: controller-manager - namespace: system -spec: - template: - spec: - containers: - - name: manager - args: - - "--metrics-bind-address=0.0.0.0:8080" +- op: add + path: /spec/template/spec/containers/0/args/0 + value: --metrics-bind-address=:8080 ` diff --git a/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/rbac/metrics_service.go b/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/kdefault/metrics_service.go similarity index 94% rename from pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/rbac/metrics_service.go rename to pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/kdefault/metrics_service.go index 8ab5b4d6c3..9c37fb0f2f 100644 --- a/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/rbac/metrics_service.go +++ b/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/kdefault/metrics_service.go @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -package rbac +package kdefault import ( "path/filepath" @@ -33,7 +33,7 @@ type MetricsService struct { // SetTemplateDefaults implements file.Template func (f *MetricsService) SetTemplateDefaults() error { if f.Path == "" { - f.Path = filepath.Join("config", "rbac", "metrics_service.yaml") + f.Path = filepath.Join("config", "default", "metrics_service.yaml") } f.TemplateBody = metricsServiceTemplate diff --git a/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/manager/config.go b/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/manager/config.go index cf8b603679..c3d9f515a9 100644 --- a/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/manager/config.go +++ b/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/manager/config.go @@ -111,7 +111,6 @@ spec: args: - --leader-elect - --health-probe-bind-address=:8081 - - --metrics-bind-address=0 {{- end }} image: {{ .Image }} name: manager diff --git a/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/rbac/kustomization.go b/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/rbac/kustomization.go index b2ce8b8ebc..1b5a1f05e6 100644 --- a/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/rbac/kustomization.go +++ b/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/rbac/kustomization.go @@ -53,5 +53,4 @@ const kustomizeRBACTemplate = `resources: - role_binding.yaml - leader_election_role.yaml - leader_election_role_binding.yaml -- metrics_service.yaml ` diff --git a/pkg/plugins/common/kustomize/v2/scaffolds/webhook.go b/pkg/plugins/common/kustomize/v2/scaffolds/webhook.go index 976a2c7018..06d12435bc 100644 --- a/pkg/plugins/common/kustomize/v2/scaffolds/webhook.go +++ b/pkg/plugins/common/kustomize/v2/scaffolds/webhook.go @@ -98,6 +98,15 @@ func (s *webhookScaffolder) Scaffold() error { } } + err = pluginutil.UncommentCode(kustomizeFilePath, "#patches:", `#`) + if err != nil { + hasWebHookUncommented, err := pluginutil.HasFragment(kustomizeFilePath, "patches:") + if !hasWebHookUncommented || err != nil { + log.Errorf("Unable to find the line '#patches:' to uncomment in the file "+ + "%s.", kustomizeFilePath) + } + } + err = pluginutil.UncommentCode(kustomizeFilePath, "#- path: manager_webhook_patch.yaml", `#`) if err != nil { hasWebHookUncommented, err := pluginutil.HasFragment(kustomizeFilePath, "- path: manager_webhook_patch.yaml") diff --git a/pkg/plugins/golang/v4/scaffolds/internal/templates/main.go b/pkg/plugins/golang/v4/scaffolds/internal/templates/main.go index 308bd92c76..858dce028d 100644 --- a/pkg/plugins/golang/v4/scaffolds/internal/templates/main.go +++ b/pkg/plugins/golang/v4/scaffolds/internal/templates/main.go @@ -224,7 +224,8 @@ func main() { var probeAddr string var secureMetrics bool var enableHTTP2 bool - flag.StringVar(&metricsAddr, "metrics-bind-address", ":8080", "The address the metric endpoint binds to.") + flag.StringVar(&metricsAddr, "metrics-bind-address", "0", "The address the metric endpoint binds to. " + + "Use the port :8080. If not set, it will be '0 in order to disable the metrics server") flag.StringVar(&probeAddr, "health-probe-bind-address", ":8081", "The address the probe endpoint binds to.") flag.BoolVar(&enableLeaderElection, "leader-elect", false, "Enable leader election for controller manager. " + diff --git a/test/e2e/v4/generate_test.go b/test/e2e/v4/generate_test.go index 544b672624..5fd4cb8dfa 100644 --- a/test/e2e/v4/generate_test.go +++ b/test/e2e/v4/generate_test.go @@ -65,7 +65,10 @@ func GenerateV4(kbc *utils.TestContext) { "#- path: webhookcainjection_patch.yaml", "#")).To(Succeed()) ExpectWithOffset(1, pluginutil.UncommentCode( filepath.Join(kbc.Dir, "config", "default", "kustomization.yaml"), - "#- path: manager_metrics_patch.yaml", "#")).To(Succeed()) + "#- metrics_service.yaml", "#")).To(Succeed()) + ExpectWithOffset(1, pluginutil.UncommentCode( + filepath.Join(kbc.Dir, "config", "default", "kustomization.yaml"), + metricsTarget, "#")).To(Succeed()) ExpectWithOffset(1, pluginutil.UncommentCode(filepath.Join(kbc.Dir, "config", "default", "kustomization.yaml"), certManagerTarget, "#")).To(Succeed()) @@ -120,12 +123,18 @@ func GenerateV4WithoutWebhooks(kbc *utils.TestContext) { initingTheProject(kbc) creatingAPI(kbc) + ExpectWithOffset(1, pluginutil.UncommentCode( + filepath.Join(kbc.Dir, "config", "default", "kustomization.yaml"), + "#patches:", "#")).To(Succeed()) ExpectWithOffset(1, pluginutil.UncommentCode( filepath.Join(kbc.Dir, "config", "default", "kustomization.yaml"), "#- ../prometheus", "#")).To(Succeed()) ExpectWithOffset(1, pluginutil.UncommentCode( filepath.Join(kbc.Dir, "config", "default", "kustomization.yaml"), - "#- path: manager_metrics_patch.yaml", "#")).To(Succeed()) + "#- metrics_service.yaml", "#")).To(Succeed()) + ExpectWithOffset(1, pluginutil.UncommentCode( + filepath.Join(kbc.Dir, "config", "default", "kustomization.yaml"), + metricsTarget, "#")).To(Succeed()) if kbc.IsRestricted { By("uncomment kustomize files to ensure that pods are restricted") @@ -166,6 +175,10 @@ func initingTheProject(kbc *utils.TestContext) { ExpectWithOffset(1, err).NotTo(HaveOccurred()) } +const metricsTarget = `#- path: manager_metrics_patch.yaml +# target: +# kind: Deployment` + //nolint:lll const certManagerTarget = `#replacements: # - source: # Add cert-manager annotation to ValidatingWebhookConfiguration, MutatingWebhookConfiguration and CRDs diff --git a/test/e2e/v4/plugin_cluster_test.go b/test/e2e/v4/plugin_cluster_test.go index b8f1ae4c64..ba64179725 100644 --- a/test/e2e/v4/plugin_cluster_test.go +++ b/test/e2e/v4/plugin_cluster_test.go @@ -163,6 +163,18 @@ func Run(kbc *utils.TestContext, hasWebhook, isToUseInstaller, hasMetrics bool) }() EventuallyWithOffset(1, verifyControllerUp, time.Minute, time.Second).Should(Succeed()) + By("Checking if all flags are applied to the manager pod") + podOutput, err := kbc.Kubectl.Get( + true, + "pod", controllerPodName, + "-o", "jsonpath={.spec.containers[0].args}", + ) + ExpectWithOffset(1, err).NotTo(HaveOccurred()) + ExpectWithOffset(1, podOutput).To(ContainSubstring("leader-elect"), + "Expected manager pod to have --leader-elect flag") + ExpectWithOffset(1, podOutput).To(ContainSubstring("health-probe-bind-address"), + "Expected manager pod to have --health-probe-bind-address flag") + By("validating the metrics endpoint") _ = curlMetrics(kbc, hasMetrics) @@ -266,66 +278,47 @@ func Run(kbc *utils.TestContext, hasWebhook, isToUseInstaller, hasMetrics bool) // curlMetrics curl's the /metrics endpoint, returning all logs once a 200 status is returned. func curlMetrics(kbc *utils.TestContext, hasMetrics bool) string { - By("validating that the controller-manager service is available") - _, err := kbc.Kubectl.Get( - true, - "service", fmt.Sprintf("e2e-%s-controller-manager-metrics-service", kbc.TestSuffix), - ) - ExpectWithOffset(2, err).NotTo(HaveOccurred(), "Controller-manager service should exist") - - By("validating that the controller-manager deployment is ready") - verifyDeploymentReady := func() error { - output, err := kbc.Kubectl.Get( + var metricsOutput string + if hasMetrics { + By("validating that the controller-manager service is available") + _, err := kbc.Kubectl.Get( true, - "deployment", fmt.Sprintf("e2e-%s-controller-manager", kbc.TestSuffix), - "-o", "jsonpath={.status.readyReplicas}", + "service", fmt.Sprintf("e2e-%s-controller-manager-metrics-service", kbc.TestSuffix), ) - if err != nil { - return err - } - readyReplicas, _ := strconv.Atoi(output) - if readyReplicas < 1 { - return fmt.Errorf("expected at least 1 ready replica, got %d", readyReplicas) - } - return nil - } - EventuallyWithOffset(2, verifyDeploymentReady, 240*time.Second, time.Second).Should(Succeed(), - "Deployment is not ready") + ExpectWithOffset(2, err).NotTo(HaveOccurred(), "Controller-manager service should exist") - By("ensuring the service endpoint is ready") - eventuallyCheckServiceEndpoint := func() error { - output, err := kbc.Kubectl.Get( - true, - "endpoints", fmt.Sprintf("e2e-%s-controller-manager-metrics-service", kbc.TestSuffix), - "-o", "jsonpath={.subsets[*].addresses[*].ip}", - ) - if err != nil { - return err + By("ensuring the service endpoint is ready") + eventuallyCheckServiceEndpoint := func() error { + output, err := kbc.Kubectl.Get( + true, + "endpoints", fmt.Sprintf("e2e-%s-controller-manager-metrics-service", kbc.TestSuffix), + "-o", "jsonpath={.subsets[*].addresses[*].ip}", + ) + if err != nil { + return err + } + if output == "" { + return fmt.Errorf("no endpoints found") + } + return nil } - if output == "" { - return fmt.Errorf("no endpoints found") + EventuallyWithOffset(2, eventuallyCheckServiceEndpoint, 2*time.Minute, time.Second).Should(Succeed(), + "Service endpoint should be ready") + + By("creating a curl pod to access the metrics endpoint") + // nolint:lll + cmdOpts := []string{ + "run", "curl", + "--restart=Never", + "--namespace", kbc.Kubectl.Namespace, + "--image=curlimages/curl:7.78.0", + "--", + "/bin/sh", "-c", fmt.Sprintf("curl -v -k http://e2e-%s-controller-manager-metrics-service.%s.svc.cluster.local:8080/metrics", + kbc.TestSuffix, kbc.Kubectl.Namespace), } - return nil - } - EventuallyWithOffset(2, eventuallyCheckServiceEndpoint, 2*time.Minute, time.Second).Should(Succeed(), - "Service endpoint should be ready") - - By("creating a curl pod to access the metrics endpoint") - // nolint:lll - cmdOpts := []string{ - "run", "curl", - "--restart=Never", - "--namespace", kbc.Kubectl.Namespace, - "--image=curlimages/curl:7.78.0", - "--", - "/bin/sh", "-c", fmt.Sprintf("curl -v -k http://e2e-%s-controller-manager-metrics-service.%s.svc.cluster.local:8080/metrics", - kbc.TestSuffix, kbc.Kubectl.Namespace), - } - _, err = kbc.Kubectl.CommandInNamespace(cmdOpts...) - ExpectWithOffset(2, err).NotTo(HaveOccurred()) + _, err = kbc.Kubectl.CommandInNamespace(cmdOpts...) + ExpectWithOffset(2, err).NotTo(HaveOccurred()) - var metricsOutput string - if hasMetrics { By("validating that the curl pod is running as expected") verifyCurlUp := func() error { status, err := kbc.Kubectl.Get( @@ -347,6 +340,20 @@ func curlMetrics(kbc *utils.TestContext, hasMetrics bool) string { } EventuallyWithOffset(2, getCurlLogs, 10*time.Second, time.Second).Should(ContainSubstring("< HTTP/1.1 200 OK")) } else { + By("creating a curl pod to access the metrics endpoint") + // nolint:lll + cmdOpts := []string{ + "run", "curl", + "--restart=Never", + "--namespace", kbc.Kubectl.Namespace, + "--image=curlimages/curl:7.78.0", + "--", + "/bin/sh", "-c", fmt.Sprintf("curl -v -k http://e2e-%s-controller-manager-metrics-service.%s.svc.cluster.local:8080/metrics", + kbc.TestSuffix, kbc.Kubectl.Namespace), + } + _, err := kbc.Kubectl.CommandInNamespace(cmdOpts...) + ExpectWithOffset(2, err).NotTo(HaveOccurred()) + By("validating that the curl pod fail as expected") verifyCurlUp := func() error { status, err := kbc.Kubectl.Get( @@ -363,14 +370,14 @@ func curlMetrics(kbc *utils.TestContext, hasMetrics bool) string { By("validating that the metrics endpoint is not working as expected") getCurlLogs := func() string { - metricsOutput, err = kbc.Kubectl.Logs("curl") + metricsOutput, err := kbc.Kubectl.Logs("curl") ExpectWithOffset(3, err).NotTo(HaveOccurred()) return metricsOutput } - EventuallyWithOffset(2, getCurlLogs, 10*time.Second, time.Second).Should(ContainSubstring("Connection refused")) + EventuallyWithOffset(2, getCurlLogs, 10*time.Second, time.Second).Should(ContainSubstring("Could not resolve host")) } By("cleaning up the curl pod") - _, err = kbc.Kubectl.Delete(true, "pods/curl") + _, err := kbc.Kubectl.Delete(true, "pods/curl") ExpectWithOffset(3, err).NotTo(HaveOccurred()) return metricsOutput diff --git a/testdata/project-v4-multigroup-with-deploy-image/cmd/main.go b/testdata/project-v4-multigroup-with-deploy-image/cmd/main.go index 9ebbc36339..ca4f395ce2 100644 --- a/testdata/project-v4-multigroup-with-deploy-image/cmd/main.go +++ b/testdata/project-v4-multigroup-with-deploy-image/cmd/main.go @@ -82,7 +82,8 @@ func main() { var probeAddr string var secureMetrics bool var enableHTTP2 bool - flag.StringVar(&metricsAddr, "metrics-bind-address", ":8080", "The address the metric endpoint binds to.") + flag.StringVar(&metricsAddr, "metrics-bind-address", "0", "The address the metric endpoint binds to. "+ + "Use the port :8080. If not set, it will be '0 in order to disable the metrics server") flag.StringVar(&probeAddr, "health-probe-bind-address", ":8081", "The address the probe endpoint binds to.") flag.BoolVar(&enableLeaderElection, "leader-elect", false, "Enable leader election for controller manager. "+ diff --git a/testdata/project-v4-multigroup-with-deploy-image/config/default/kustomization.yaml b/testdata/project-v4-multigroup-with-deploy-image/config/default/kustomization.yaml index e81d73d4bc..b81da332f7 100644 --- a/testdata/project-v4-multigroup-with-deploy-image/config/default/kustomization.yaml +++ b/testdata/project-v4-multigroup-with-deploy-image/config/default/kustomization.yaml @@ -25,12 +25,17 @@ resources: #- ../certmanager # [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. #- ../prometheus +# [METRICS] To enable the controller manager metrics service, uncomment the following line. +#- metrics_service.yaml +# Uncomment the patches line if you enable Metrics, and/or are using webhooks and cert-manager patches: # [METRICS] The following patch will enable the metrics endpoint. Ensure that you also protect this endpoint. # More info: https://book.kubebuilder.io/reference/metrics # If you want to expose the metric endpoint of your controller-manager uncomment the following line. #- path: manager_metrics_patch.yaml +# target: +# kind: Deployment # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in # crd/kustomization.yaml diff --git a/testdata/project-v4-multigroup-with-deploy-image/config/default/manager_metrics_patch.yaml b/testdata/project-v4-multigroup-with-deploy-image/config/default/manager_metrics_patch.yaml index ee197d3f71..6c546ae4ca 100644 --- a/testdata/project-v4-multigroup-with-deploy-image/config/default/manager_metrics_patch.yaml +++ b/testdata/project-v4-multigroup-with-deploy-image/config/default/manager_metrics_patch.yaml @@ -1,13 +1,4 @@ # This patch adds the args to allow exposing the metrics endpoint securely -apiVersion: apps/v1 -kind: Deployment -metadata: - name: controller-manager - namespace: system -spec: - template: - spec: - containers: - - name: manager - args: - - "--metrics-bind-address=0.0.0.0:8080" +- op: add + path: /spec/template/spec/containers/0/args/0 + value: --metrics-bind-address=:8080 diff --git a/testdata/project-v4-multigroup-with-deploy-image/config/rbac/metrics_service.yaml b/testdata/project-v4-multigroup-with-deploy-image/config/default/metrics_service.yaml similarity index 100% rename from testdata/project-v4-multigroup-with-deploy-image/config/rbac/metrics_service.yaml rename to testdata/project-v4-multigroup-with-deploy-image/config/default/metrics_service.yaml diff --git a/testdata/project-v4-multigroup-with-deploy-image/config/manager/manager.yaml b/testdata/project-v4-multigroup-with-deploy-image/config/manager/manager.yaml index 4e217f48c6..6059ca1e23 100644 --- a/testdata/project-v4-multigroup-with-deploy-image/config/manager/manager.yaml +++ b/testdata/project-v4-multigroup-with-deploy-image/config/manager/manager.yaml @@ -63,7 +63,6 @@ spec: args: - --leader-elect - --health-probe-bind-address=:8081 - - --metrics-bind-address=0 image: controller:latest name: manager securityContext: diff --git a/testdata/project-v4-multigroup-with-deploy-image/config/rbac/kustomization.yaml b/testdata/project-v4-multigroup-with-deploy-image/config/rbac/kustomization.yaml index 51bf3b2bea..a2f9efd10a 100644 --- a/testdata/project-v4-multigroup-with-deploy-image/config/rbac/kustomization.yaml +++ b/testdata/project-v4-multigroup-with-deploy-image/config/rbac/kustomization.yaml @@ -9,7 +9,6 @@ resources: - role_binding.yaml - leader_election_role.yaml - leader_election_role_binding.yaml -- metrics_service.yaml # For each CRD, "Editor" and "Viewer" roles are scaffolded by # default, aiding admins in cluster management. Those roles are # not used by the Project itself. You can comment the following lines diff --git a/testdata/project-v4-multigroup-with-deploy-image/dist/install.yaml b/testdata/project-v4-multigroup-with-deploy-image/dist/install.yaml index 1f880c1fcd..e2bfb74153 100644 --- a/testdata/project-v4-multigroup-with-deploy-image/dist/install.yaml +++ b/testdata/project-v4-multigroup-with-deploy-image/dist/install.yaml @@ -1474,24 +1474,6 @@ subjects: --- apiVersion: v1 kind: Service -metadata: - labels: - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: project-v4-multigroup-with-deploy-image - control-plane: controller-manager - name: project-v4-multigroup-with-deploy-image-controller-manager-metrics-service - namespace: project-v4-multigroup-with-deploy-image-system -spec: - ports: - - name: http - port: 8080 - protocol: TCP - targetPort: 8080 - selector: - control-plane: controller-manager ---- -apiVersion: v1 -kind: Service metadata: labels: app.kubernetes.io/managed-by: kustomize @@ -1531,7 +1513,6 @@ spec: - args: - --leader-elect - --health-probe-bind-address=:8081 - - --metrics-bind-address=0 command: - /manager image: controller:latest diff --git a/testdata/project-v4-multigroup/cmd/main.go b/testdata/project-v4-multigroup/cmd/main.go index 8f94048467..d52dc885d6 100644 --- a/testdata/project-v4-multigroup/cmd/main.go +++ b/testdata/project-v4-multigroup/cmd/main.go @@ -82,7 +82,8 @@ func main() { var probeAddr string var secureMetrics bool var enableHTTP2 bool - flag.StringVar(&metricsAddr, "metrics-bind-address", ":8080", "The address the metric endpoint binds to.") + flag.StringVar(&metricsAddr, "metrics-bind-address", "0", "The address the metric endpoint binds to. "+ + "Use the port :8080. If not set, it will be '0 in order to disable the metrics server") flag.StringVar(&probeAddr, "health-probe-bind-address", ":8081", "The address the probe endpoint binds to.") flag.BoolVar(&enableLeaderElection, "leader-elect", false, "Enable leader election for controller manager. "+ diff --git a/testdata/project-v4-multigroup/config/default/kustomization.yaml b/testdata/project-v4-multigroup/config/default/kustomization.yaml index d00ee2596e..fd22f14ceb 100644 --- a/testdata/project-v4-multigroup/config/default/kustomization.yaml +++ b/testdata/project-v4-multigroup/config/default/kustomization.yaml @@ -25,12 +25,17 @@ resources: #- ../certmanager # [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. #- ../prometheus +# [METRICS] To enable the controller manager metrics service, uncomment the following line. +#- metrics_service.yaml +# Uncomment the patches line if you enable Metrics, and/or are using webhooks and cert-manager patches: # [METRICS] The following patch will enable the metrics endpoint. Ensure that you also protect this endpoint. # More info: https://book.kubebuilder.io/reference/metrics # If you want to expose the metric endpoint of your controller-manager uncomment the following line. #- path: manager_metrics_patch.yaml +# target: +# kind: Deployment # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in # crd/kustomization.yaml diff --git a/testdata/project-v4-multigroup/config/default/manager_metrics_patch.yaml b/testdata/project-v4-multigroup/config/default/manager_metrics_patch.yaml index ee197d3f71..6c546ae4ca 100644 --- a/testdata/project-v4-multigroup/config/default/manager_metrics_patch.yaml +++ b/testdata/project-v4-multigroup/config/default/manager_metrics_patch.yaml @@ -1,13 +1,4 @@ # This patch adds the args to allow exposing the metrics endpoint securely -apiVersion: apps/v1 -kind: Deployment -metadata: - name: controller-manager - namespace: system -spec: - template: - spec: - containers: - - name: manager - args: - - "--metrics-bind-address=0.0.0.0:8080" +- op: add + path: /spec/template/spec/containers/0/args/0 + value: --metrics-bind-address=:8080 diff --git a/testdata/project-v4-multigroup/config/rbac/metrics_service.yaml b/testdata/project-v4-multigroup/config/default/metrics_service.yaml similarity index 100% rename from testdata/project-v4-multigroup/config/rbac/metrics_service.yaml rename to testdata/project-v4-multigroup/config/default/metrics_service.yaml diff --git a/testdata/project-v4-multigroup/config/manager/manager.yaml b/testdata/project-v4-multigroup/config/manager/manager.yaml index a65ca4a1bc..3691f15c77 100644 --- a/testdata/project-v4-multigroup/config/manager/manager.yaml +++ b/testdata/project-v4-multigroup/config/manager/manager.yaml @@ -63,7 +63,6 @@ spec: args: - --leader-elect - --health-probe-bind-address=:8081 - - --metrics-bind-address=0 image: controller:latest name: manager securityContext: diff --git a/testdata/project-v4-multigroup/config/rbac/kustomization.yaml b/testdata/project-v4-multigroup/config/rbac/kustomization.yaml index 51bf3b2bea..a2f9efd10a 100644 --- a/testdata/project-v4-multigroup/config/rbac/kustomization.yaml +++ b/testdata/project-v4-multigroup/config/rbac/kustomization.yaml @@ -9,7 +9,6 @@ resources: - role_binding.yaml - leader_election_role.yaml - leader_election_role_binding.yaml -- metrics_service.yaml # For each CRD, "Editor" and "Viewer" roles are scaffolded by # default, aiding admins in cluster management. Those roles are # not used by the Project itself. You can comment the following lines diff --git a/testdata/project-v4-multigroup/dist/install.yaml b/testdata/project-v4-multigroup/dist/install.yaml index 8b03103111..4bf55ee7d0 100644 --- a/testdata/project-v4-multigroup/dist/install.yaml +++ b/testdata/project-v4-multigroup/dist/install.yaml @@ -1474,24 +1474,6 @@ subjects: --- apiVersion: v1 kind: Service -metadata: - labels: - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: project-v4-multigroup - control-plane: controller-manager - name: project-v4-multigroup-controller-manager-metrics-service - namespace: project-v4-multigroup-system -spec: - ports: - - name: http - port: 8080 - protocol: TCP - targetPort: 8080 - selector: - control-plane: controller-manager ---- -apiVersion: v1 -kind: Service metadata: labels: app.kubernetes.io/managed-by: kustomize @@ -1531,7 +1513,6 @@ spec: - args: - --leader-elect - --health-probe-bind-address=:8081 - - --metrics-bind-address=0 command: - /manager image: controller:latest diff --git a/testdata/project-v4-with-deploy-image/cmd/main.go b/testdata/project-v4-with-deploy-image/cmd/main.go index 25a3a61baf..69c4e59787 100644 --- a/testdata/project-v4-with-deploy-image/cmd/main.go +++ b/testdata/project-v4-with-deploy-image/cmd/main.go @@ -57,7 +57,8 @@ func main() { var probeAddr string var secureMetrics bool var enableHTTP2 bool - flag.StringVar(&metricsAddr, "metrics-bind-address", ":8080", "The address the metric endpoint binds to.") + flag.StringVar(&metricsAddr, "metrics-bind-address", "0", "The address the metric endpoint binds to. "+ + "Use the port :8080. If not set, it will be '0 in order to disable the metrics server") flag.StringVar(&probeAddr, "health-probe-bind-address", ":8081", "The address the probe endpoint binds to.") flag.BoolVar(&enableLeaderElection, "leader-elect", false, "Enable leader election for controller manager. "+ diff --git a/testdata/project-v4-with-deploy-image/config/default/kustomization.yaml b/testdata/project-v4-with-deploy-image/config/default/kustomization.yaml index bf965dc95f..a446d6d4a0 100644 --- a/testdata/project-v4-with-deploy-image/config/default/kustomization.yaml +++ b/testdata/project-v4-with-deploy-image/config/default/kustomization.yaml @@ -25,12 +25,17 @@ resources: #- ../certmanager # [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. #- ../prometheus +# [METRICS] To enable the controller manager metrics service, uncomment the following line. +#- metrics_service.yaml +# Uncomment the patches line if you enable Metrics, and/or are using webhooks and cert-manager patches: # [METRICS] The following patch will enable the metrics endpoint. Ensure that you also protect this endpoint. # More info: https://book.kubebuilder.io/reference/metrics # If you want to expose the metric endpoint of your controller-manager uncomment the following line. #- path: manager_metrics_patch.yaml +# target: +# kind: Deployment # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in # crd/kustomization.yaml diff --git a/testdata/project-v4-with-deploy-image/config/default/manager_metrics_patch.yaml b/testdata/project-v4-with-deploy-image/config/default/manager_metrics_patch.yaml index ee197d3f71..6c546ae4ca 100644 --- a/testdata/project-v4-with-deploy-image/config/default/manager_metrics_patch.yaml +++ b/testdata/project-v4-with-deploy-image/config/default/manager_metrics_patch.yaml @@ -1,13 +1,4 @@ # This patch adds the args to allow exposing the metrics endpoint securely -apiVersion: apps/v1 -kind: Deployment -metadata: - name: controller-manager - namespace: system -spec: - template: - spec: - containers: - - name: manager - args: - - "--metrics-bind-address=0.0.0.0:8080" +- op: add + path: /spec/template/spec/containers/0/args/0 + value: --metrics-bind-address=:8080 diff --git a/testdata/project-v4-with-deploy-image/config/rbac/metrics_service.yaml b/testdata/project-v4-with-deploy-image/config/default/metrics_service.yaml similarity index 100% rename from testdata/project-v4-with-deploy-image/config/rbac/metrics_service.yaml rename to testdata/project-v4-with-deploy-image/config/default/metrics_service.yaml diff --git a/testdata/project-v4-with-deploy-image/config/manager/manager.yaml b/testdata/project-v4-with-deploy-image/config/manager/manager.yaml index 1fd54a41dc..0341968d86 100644 --- a/testdata/project-v4-with-deploy-image/config/manager/manager.yaml +++ b/testdata/project-v4-with-deploy-image/config/manager/manager.yaml @@ -63,7 +63,6 @@ spec: args: - --leader-elect - --health-probe-bind-address=:8081 - - --metrics-bind-address=0 image: controller:latest name: manager env: diff --git a/testdata/project-v4-with-deploy-image/config/rbac/kustomization.yaml b/testdata/project-v4-with-deploy-image/config/rbac/kustomization.yaml index 234947b0ce..1a988b476a 100644 --- a/testdata/project-v4-with-deploy-image/config/rbac/kustomization.yaml +++ b/testdata/project-v4-with-deploy-image/config/rbac/kustomization.yaml @@ -9,7 +9,6 @@ resources: - role_binding.yaml - leader_election_role.yaml - leader_election_role_binding.yaml -- metrics_service.yaml # For each CRD, "Editor" and "Viewer" roles are scaffolded by # default, aiding admins in cluster management. Those roles are # not used by the Project itself. You can comment the following lines diff --git a/testdata/project-v4-with-deploy-image/dist/install.yaml b/testdata/project-v4-with-deploy-image/dist/install.yaml index b2abdf4891..37b7b206f9 100644 --- a/testdata/project-v4-with-deploy-image/dist/install.yaml +++ b/testdata/project-v4-with-deploy-image/dist/install.yaml @@ -550,24 +550,6 @@ subjects: --- apiVersion: v1 kind: Service -metadata: - labels: - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: project-v4-with-deploy-image - control-plane: controller-manager - name: project-v4-with-deploy-image-controller-manager-metrics-service - namespace: project-v4-with-deploy-image-system -spec: - ports: - - name: http - port: 8080 - protocol: TCP - targetPort: 8080 - selector: - control-plane: controller-manager ---- -apiVersion: v1 -kind: Service metadata: labels: app.kubernetes.io/managed-by: kustomize @@ -607,7 +589,6 @@ spec: - args: - --leader-elect - --health-probe-bind-address=:8081 - - --metrics-bind-address=0 command: - /manager env: diff --git a/testdata/project-v4-with-grafana/cmd/main.go b/testdata/project-v4-with-grafana/cmd/main.go index f2f93f0fd7..0be97f24e6 100644 --- a/testdata/project-v4-with-grafana/cmd/main.go +++ b/testdata/project-v4-with-grafana/cmd/main.go @@ -53,7 +53,8 @@ func main() { var probeAddr string var secureMetrics bool var enableHTTP2 bool - flag.StringVar(&metricsAddr, "metrics-bind-address", ":8080", "The address the metric endpoint binds to.") + flag.StringVar(&metricsAddr, "metrics-bind-address", "0", "The address the metric endpoint binds to. "+ + "Use the port :8080. If not set, it will be '0 in order to disable the metrics server") flag.StringVar(&probeAddr, "health-probe-bind-address", ":8081", "The address the probe endpoint binds to.") flag.BoolVar(&enableLeaderElection, "leader-elect", false, "Enable leader election for controller manager. "+ diff --git a/testdata/project-v4-with-grafana/config/default/kustomization.yaml b/testdata/project-v4-with-grafana/config/default/kustomization.yaml index df5296e37f..d17c01b9af 100644 --- a/testdata/project-v4-with-grafana/config/default/kustomization.yaml +++ b/testdata/project-v4-with-grafana/config/default/kustomization.yaml @@ -25,12 +25,17 @@ resources: #- ../certmanager # [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. #- ../prometheus +# [METRICS] To enable the controller manager metrics service, uncomment the following line. +#- metrics_service.yaml -patches: +# Uncomment the patches line if you enable Metrics, and/or are using webhooks and cert-manager +#patches: # [METRICS] The following patch will enable the metrics endpoint. Ensure that you also protect this endpoint. # More info: https://book.kubebuilder.io/reference/metrics # If you want to expose the metric endpoint of your controller-manager uncomment the following line. #- path: manager_metrics_patch.yaml +# target: +# kind: Deployment # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in # crd/kustomization.yaml diff --git a/testdata/project-v4-with-grafana/config/default/manager_metrics_patch.yaml b/testdata/project-v4-with-grafana/config/default/manager_metrics_patch.yaml index ee197d3f71..6c546ae4ca 100644 --- a/testdata/project-v4-with-grafana/config/default/manager_metrics_patch.yaml +++ b/testdata/project-v4-with-grafana/config/default/manager_metrics_patch.yaml @@ -1,13 +1,4 @@ # This patch adds the args to allow exposing the metrics endpoint securely -apiVersion: apps/v1 -kind: Deployment -metadata: - name: controller-manager - namespace: system -spec: - template: - spec: - containers: - - name: manager - args: - - "--metrics-bind-address=0.0.0.0:8080" +- op: add + path: /spec/template/spec/containers/0/args/0 + value: --metrics-bind-address=:8080 diff --git a/testdata/project-v4-with-grafana/config/rbac/metrics_service.yaml b/testdata/project-v4-with-grafana/config/default/metrics_service.yaml similarity index 100% rename from testdata/project-v4-with-grafana/config/rbac/metrics_service.yaml rename to testdata/project-v4-with-grafana/config/default/metrics_service.yaml diff --git a/testdata/project-v4-with-grafana/config/manager/manager.yaml b/testdata/project-v4-with-grafana/config/manager/manager.yaml index 64ab9a2daa..f64bc38baf 100644 --- a/testdata/project-v4-with-grafana/config/manager/manager.yaml +++ b/testdata/project-v4-with-grafana/config/manager/manager.yaml @@ -63,7 +63,6 @@ spec: args: - --leader-elect - --health-probe-bind-address=:8081 - - --metrics-bind-address=0 image: controller:latest name: manager securityContext: diff --git a/testdata/project-v4-with-grafana/config/rbac/kustomization.yaml b/testdata/project-v4-with-grafana/config/rbac/kustomization.yaml index cb51d20d1c..166fe79868 100644 --- a/testdata/project-v4-with-grafana/config/rbac/kustomization.yaml +++ b/testdata/project-v4-with-grafana/config/rbac/kustomization.yaml @@ -9,4 +9,3 @@ resources: - role_binding.yaml - leader_election_role.yaml - leader_election_role_binding.yaml -- metrics_service.yaml diff --git a/testdata/project-v4-with-grafana/dist/install.yaml b/testdata/project-v4-with-grafana/dist/install.yaml index 97764fed65..6831125a6a 100644 --- a/testdata/project-v4-with-grafana/dist/install.yaml +++ b/testdata/project-v4-with-grafana/dist/install.yaml @@ -107,24 +107,6 @@ subjects: name: project-v4-with-grafana-controller-manager namespace: project-v4-with-grafana-system --- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: project-v4-with-grafana - control-plane: controller-manager - name: project-v4-with-grafana-controller-manager-metrics-service - namespace: project-v4-with-grafana-system -spec: - ports: - - name: http - port: 8080 - protocol: TCP - targetPort: 8080 - selector: - control-plane: controller-manager ---- apiVersion: apps/v1 kind: Deployment metadata: @@ -150,7 +132,6 @@ spec: - args: - --leader-elect - --health-probe-bind-address=:8081 - - --metrics-bind-address=0 command: - /manager image: controller:latest diff --git a/testdata/project-v4/cmd/main.go b/testdata/project-v4/cmd/main.go index f66cf94fcd..cf3ed51674 100644 --- a/testdata/project-v4/cmd/main.go +++ b/testdata/project-v4/cmd/main.go @@ -57,7 +57,8 @@ func main() { var probeAddr string var secureMetrics bool var enableHTTP2 bool - flag.StringVar(&metricsAddr, "metrics-bind-address", ":8080", "The address the metric endpoint binds to.") + flag.StringVar(&metricsAddr, "metrics-bind-address", "0", "The address the metric endpoint binds to. "+ + "Use the port :8080. If not set, it will be '0 in order to disable the metrics server") flag.StringVar(&probeAddr, "health-probe-bind-address", ":8081", "The address the probe endpoint binds to.") flag.BoolVar(&enableLeaderElection, "leader-elect", false, "Enable leader election for controller manager. "+ diff --git a/testdata/project-v4/config/default/kustomization.yaml b/testdata/project-v4/config/default/kustomization.yaml index 131ea0843e..9bb07eabee 100644 --- a/testdata/project-v4/config/default/kustomization.yaml +++ b/testdata/project-v4/config/default/kustomization.yaml @@ -25,12 +25,17 @@ resources: #- ../certmanager # [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. #- ../prometheus +# [METRICS] To enable the controller manager metrics service, uncomment the following line. +#- metrics_service.yaml +# Uncomment the patches line if you enable Metrics, and/or are using webhooks and cert-manager patches: # [METRICS] The following patch will enable the metrics endpoint. Ensure that you also protect this endpoint. # More info: https://book.kubebuilder.io/reference/metrics # If you want to expose the metric endpoint of your controller-manager uncomment the following line. #- path: manager_metrics_patch.yaml +# target: +# kind: Deployment # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in # crd/kustomization.yaml diff --git a/testdata/project-v4/config/default/manager_metrics_patch.yaml b/testdata/project-v4/config/default/manager_metrics_patch.yaml index ee197d3f71..6c546ae4ca 100644 --- a/testdata/project-v4/config/default/manager_metrics_patch.yaml +++ b/testdata/project-v4/config/default/manager_metrics_patch.yaml @@ -1,13 +1,4 @@ # This patch adds the args to allow exposing the metrics endpoint securely -apiVersion: apps/v1 -kind: Deployment -metadata: - name: controller-manager - namespace: system -spec: - template: - spec: - containers: - - name: manager - args: - - "--metrics-bind-address=0.0.0.0:8080" +- op: add + path: /spec/template/spec/containers/0/args/0 + value: --metrics-bind-address=:8080 diff --git a/testdata/project-v4/config/rbac/metrics_service.yaml b/testdata/project-v4/config/default/metrics_service.yaml similarity index 100% rename from testdata/project-v4/config/rbac/metrics_service.yaml rename to testdata/project-v4/config/default/metrics_service.yaml diff --git a/testdata/project-v4/config/manager/manager.yaml b/testdata/project-v4/config/manager/manager.yaml index 29ab53f42f..c190d7739d 100644 --- a/testdata/project-v4/config/manager/manager.yaml +++ b/testdata/project-v4/config/manager/manager.yaml @@ -63,7 +63,6 @@ spec: args: - --leader-elect - --health-probe-bind-address=:8081 - - --metrics-bind-address=0 image: controller:latest name: manager securityContext: diff --git a/testdata/project-v4/config/rbac/kustomization.yaml b/testdata/project-v4/config/rbac/kustomization.yaml index 6dd56c7db2..2a7debcd3a 100644 --- a/testdata/project-v4/config/rbac/kustomization.yaml +++ b/testdata/project-v4/config/rbac/kustomization.yaml @@ -9,7 +9,6 @@ resources: - role_binding.yaml - leader_election_role.yaml - leader_election_role_binding.yaml -- metrics_service.yaml # For each CRD, "Editor" and "Viewer" roles are scaffolded by # default, aiding admins in cluster management. Those roles are # not used by the Project itself. You can comment the following lines diff --git a/testdata/project-v4/dist/install.yaml b/testdata/project-v4/dist/install.yaml index 47b70abe18..49d4cb1bdc 100644 --- a/testdata/project-v4/dist/install.yaml +++ b/testdata/project-v4/dist/install.yaml @@ -544,24 +544,6 @@ subjects: --- apiVersion: v1 kind: Service -metadata: - labels: - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: project-v4 - control-plane: controller-manager - name: project-v4-controller-manager-metrics-service - namespace: project-v4-system -spec: - ports: - - name: http - port: 8080 - protocol: TCP - targetPort: 8080 - selector: - control-plane: controller-manager ---- -apiVersion: v1 -kind: Service metadata: labels: app.kubernetes.io/managed-by: kustomize @@ -601,7 +583,6 @@ spec: - args: - --leader-elect - --health-probe-bind-address=:8081 - - --metrics-bind-address=0 command: - /manager image: controller:latest