fix place where the metrics service should be scaffolded

docs/book/src/cronjob-tutorial/testdata/project/config/manager/kustomization.yaml

@@ -1,2 +1,4 @@
 resources:
 - manager.yaml
+# If you want to expose the metrics endpoint without TLS/HTTP protection, uncomment the following line.
+#- metrics_service.yaml

docs/book/src/cronjob-tutorial/testdata/project/config/rbac/kustomization.yaml

@@ -9,7 +9,6 @@ resources:
 - role_binding.yaml
 - leader_election_role.yaml
 - leader_election_role_binding.yaml
-- metrics_service.yaml
 # For each CRD, "Editor" and "Viewer" roles are scaffolded by
 # default, aiding admins in cluster management. Those roles are
 # not used by the Project itself. You can comment the following lines

docs/book/src/getting-started/testdata/project/config/manager/kustomization.yaml

@@ -1,2 +1,4 @@
 resources:
 - manager.yaml
+# If you want to expose the metrics endpoint without TLS/HTTP protection, uncomment the following line.
+#- metrics_service.yaml

docs/book/src/getting-started/testdata/project/config/rbac/kustomization.yaml

@@ -9,7 +9,6 @@ resources:
 - role_binding.yaml
 - leader_election_role.yaml
 - leader_election_role_binding.yaml
-- metrics_service.yaml
 # For each CRD, "Editor" and "Viewer" roles are scaffolded by
 # default, aiding admins in cluster management. Those roles are
 # not used by the Project itself. You can comment the following lines

docs/book/src/reference/metrics.md

@@ -54,6 +54,14 @@ in the file `config/default/kustomization.yaml`, see:
 #    kind: Deployment
 ```
 
+Then, you will need to enable the Metrics Service in `config/manager/kustomization.yaml`:
+
+```yaml
+- manager.yaml
+# If you want to expose the metrics endpoint without TLS/HTTP protection, uncomment the following line.
+#- metrics_service.yaml
+```
+
 Note that projects are scaffolded by default passing the flag `--metrics-bind-address=0`
 to the manager to ensure that metrics are disabled. See the [controller-runtime
 implementation](https://github.com/kubernetes-sigs/controller-runtime/blob/834905b07c7b5a78e86d21d764f7c2fdaa9602e0/pkg/metrics/server/server.go#L119-L122)

pkg/plugins/common/kustomize/v2/scaffolds/init.go

@@ -64,7 +64,7 @@ func (s *initScaffolder) Scaffold() error {
 
 	templates := []machinery.Builder{
 		&rbac.Kustomization{},
-		&rbac.MetricsService{},
+		&manager.MetricsService{},
 		&rbac.RoleBinding{},
 		// We need to create a Role because if the project
 		// has not CRD define the controller-gen will not generate this file

pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/manager/kustomization.go

@@ -44,4 +44,6 @@ func (f *Kustomization) SetTemplateDefaults() error {
 
 const kustomizeManagerTemplate = `resources:
 - manager.yaml
+# If you want to expose the metrics endpoint without TLS/HTTP protection, uncomment the following line.
+#- metrics_service.yaml
 `

pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/rbac/metrics_service.go → pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/manager/metrics_service.go

@@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-package rbac
+package manager
 
 import (
 	"path/filepath"
@@ -33,7 +33,7 @@ type MetricsService struct {
 // SetTemplateDefaults implements file.Template
 func (f *MetricsService) SetTemplateDefaults() error {
 	if f.Path == "" {
-		f.Path = filepath.Join("config", "rbac", "metrics_service.yaml")
+		f.Path = filepath.Join("config", "manager", "metrics_service.yaml")
 	}
 
 	f.TemplateBody = metricsServiceTemplate

pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/rbac/kustomization.go

@@ -53,5 +53,4 @@ const kustomizeRBACTemplate = `resources:
 - role_binding.yaml
 - leader_election_role.yaml
 - leader_election_role_binding.yaml
-- metrics_service.yaml
 `

test/e2e/v4/generate_test.go

@@ -66,6 +66,9 @@ func GenerateV4(kbc *utils.TestContext) {
 	ExpectWithOffset(1, pluginutil.UncommentCode(
 		filepath.Join(kbc.Dir, "config", "default", "kustomization.yaml"),
 		metricsTarget, "#")).To(Succeed())
+	ExpectWithOffset(1, pluginutil.UncommentCode(
+		filepath.Join(kbc.Dir, "config", "manager", "kustomization.yaml"),
+		"#- metrics_service.yaml", "#")).To(Succeed())
 
 	ExpectWithOffset(1, pluginutil.UncommentCode(filepath.Join(kbc.Dir, "config", "default", "kustomization.yaml"),
 		certManagerTarget, "#")).To(Succeed())
@@ -126,6 +129,9 @@ func GenerateV4WithoutWebhooks(kbc *utils.TestContext) {
 	ExpectWithOffset(1, pluginutil.UncommentCode(
 		filepath.Join(kbc.Dir, "config", "default", "kustomization.yaml"),
 		metricsTarget, "#")).To(Succeed())
+	ExpectWithOffset(1, pluginutil.UncommentCode(
+		filepath.Join(kbc.Dir, "config", "manager", "kustomization.yaml"),
+		"#- metrics_service.yaml", "#")).To(Succeed())
 
 	if kbc.IsRestricted {
 		By("uncomment kustomize files to ensure that pods are restricted")

test/e2e/v4/plugin_cluster_test.go

@@ -278,66 +278,47 @@ func Run(kbc *utils.TestContext, hasWebhook, isToUseInstaller, hasMetrics bool)
 
 // curlMetrics curl's the /metrics endpoint, returning all logs once a 200 status is returned.
 func curlMetrics(kbc *utils.TestContext, hasMetrics bool) string {
-	By("validating that the controller-manager service is available")
-	_, err := kbc.Kubectl.Get(
-		true,
-		"service", fmt.Sprintf("e2e-%s-controller-manager-metrics-service", kbc.TestSuffix),
-	)
-	ExpectWithOffset(2, err).NotTo(HaveOccurred(), "Controller-manager service should exist")
-
-	By("validating that the controller-manager deployment is ready")
-	verifyDeploymentReady := func() error {
-		output, err := kbc.Kubectl.Get(
+	var metricsOutput string
+	if hasMetrics {
+		By("validating that the controller-manager service is available")
+		_, err := kbc.Kubectl.Get(
 			true,
-			"deployment", fmt.Sprintf("e2e-%s-controller-manager", kbc.TestSuffix),
-			"-o", "jsonpath={.status.readyReplicas}",
+			"service", fmt.Sprintf("e2e-%s-controller-manager-metrics-service", kbc.TestSuffix),
 		)
-		if err != nil {
-			return err
-		}
-		readyReplicas, _ := strconv.Atoi(output)
-		if readyReplicas < 1 {
-			return fmt.Errorf("expected at least 1 ready replica, got %d", readyReplicas)
-		}
-		return nil
-	}
-	EventuallyWithOffset(2, verifyDeploymentReady, 240*time.Second, time.Second).Should(Succeed(),
-		"Deployment is not ready")
+		ExpectWithOffset(2, err).NotTo(HaveOccurred(), "Controller-manager service should exist")
 
-	By("ensuring the service endpoint is ready")
-	eventuallyCheckServiceEndpoint := func() error {
-		output, err := kbc.Kubectl.Get(
-			true,
-			"endpoints", fmt.Sprintf("e2e-%s-controller-manager-metrics-service", kbc.TestSuffix),
-			"-o", "jsonpath={.subsets[*].addresses[*].ip}",
-		)
-		if err != nil {
-			return err
+		By("ensuring the service endpoint is ready")
+		eventuallyCheckServiceEndpoint := func() error {
+			output, err := kbc.Kubectl.Get(
+				true,
+				"endpoints", fmt.Sprintf("e2e-%s-controller-manager-metrics-service", kbc.TestSuffix),
+				"-o", "jsonpath={.subsets[*].addresses[*].ip}",
+			)
+			if err != nil {
+				return err
+			}
+			if output == "" {
+				return fmt.Errorf("no endpoints found")
+			}
+			return nil
 		}
-		if output == "" {
-			return fmt.Errorf("no endpoints found")
+		EventuallyWithOffset(2, eventuallyCheckServiceEndpoint, 2*time.Minute, time.Second).Should(Succeed(),
+			"Service endpoint should be ready")
+
+		By("creating a curl pod to access the metrics endpoint")
+		// nolint:lll
+		cmdOpts := []string{
+			"run", "curl",
+			"--restart=Never",
+			"--namespace", kbc.Kubectl.Namespace,
+			"--image=curlimages/curl:7.78.0",
+			"--",
+			"/bin/sh", "-c", fmt.Sprintf("curl -v -k http://e2e-%s-controller-manager-metrics-service.%s.svc.cluster.local:8080/metrics",
+				kbc.TestSuffix, kbc.Kubectl.Namespace),
 		}
-		return nil
-	}
-	EventuallyWithOffset(2, eventuallyCheckServiceEndpoint, 2*time.Minute, time.Second).Should(Succeed(),
-		"Service endpoint should be ready")
-
-	By("creating a curl pod to access the metrics endpoint")
-	// nolint:lll
-	cmdOpts := []string{
-		"run", "curl",
-		"--restart=Never",
-		"--namespace", kbc.Kubectl.Namespace,
-		"--image=curlimages/curl:7.78.0",
-		"--",
-		"/bin/sh", "-c", fmt.Sprintf("curl -v -k http://e2e-%s-controller-manager-metrics-service.%s.svc.cluster.local:8080/metrics",
-			kbc.TestSuffix, kbc.Kubectl.Namespace),
-	}
-	_, err = kbc.Kubectl.CommandInNamespace(cmdOpts...)
-	ExpectWithOffset(2, err).NotTo(HaveOccurred())
+		_, err = kbc.Kubectl.CommandInNamespace(cmdOpts...)
+		ExpectWithOffset(2, err).NotTo(HaveOccurred())
 
-	var metricsOutput string
-	if hasMetrics {
 		By("validating that the curl pod is running as expected")
 		verifyCurlUp := func() error {
 			status, err := kbc.Kubectl.Get(
@@ -359,6 +340,20 @@ func curlMetrics(kbc *utils.TestContext, hasMetrics bool) string {
 		}
 		EventuallyWithOffset(2, getCurlLogs, 10*time.Second, time.Second).Should(ContainSubstring("< HTTP/1.1 200 OK"))
 	} else {
+		By("creating a curl pod to access the metrics endpoint")
+		// nolint:lll
+		cmdOpts := []string{
+			"run", "curl",
+			"--restart=Never",
+			"--namespace", kbc.Kubectl.Namespace,
+			"--image=curlimages/curl:7.78.0",
+			"--",
+			"/bin/sh", "-c", fmt.Sprintf("curl -v -k http://e2e-%s-controller-manager-metrics-service.%s.svc.cluster.local:8080/metrics",
+				kbc.TestSuffix, kbc.Kubectl.Namespace),
+		}
+		_, err := kbc.Kubectl.CommandInNamespace(cmdOpts...)
+		ExpectWithOffset(2, err).NotTo(HaveOccurred())
+
 		By("validating that the curl pod fail as expected")
 		verifyCurlUp := func() error {
 			status, err := kbc.Kubectl.Get(
@@ -375,14 +370,14 @@ func curlMetrics(kbc *utils.TestContext, hasMetrics bool) string {
 
 		By("validating that the metrics endpoint is not working as expected")
 		getCurlLogs := func() string {
-			metricsOutput, err = kbc.Kubectl.Logs("curl")
+			metricsOutput, err := kbc.Kubectl.Logs("curl")
 			ExpectWithOffset(3, err).NotTo(HaveOccurred())
 			return metricsOutput
 		}
 		EventuallyWithOffset(2, getCurlLogs, 10*time.Second, time.Second).Should(ContainSubstring("Connection refused"))
 	}
 	By("cleaning up the curl pod")
-	_, err = kbc.Kubectl.Delete(true, "pods/curl")
+	_, err := kbc.Kubectl.Delete(true, "pods/curl")
 	ExpectWithOffset(3, err).NotTo(HaveOccurred())
 
 	return metricsOutput

testdata/project-v4-multigroup-with-deploy-image/config/rbac/kustomization.yaml

@@ -9,7 +9,6 @@ resources:
 - role_binding.yaml
 - leader_election_role.yaml
 - leader_election_role_binding.yaml
-- metrics_service.yaml
 # For each CRD, "Editor" and "Viewer" roles are scaffolded by
 # default, aiding admins in cluster management. Those roles are
 # not used by the Project itself. You can comment the following lines

testdata/project-v4-multigroup-with-deploy-image/dist/install.yaml

@@ -1474,24 +1474,6 @@ subjects:
 ---
 apiVersion: v1
 kind: Service
-metadata:
-  labels:
-    app.kubernetes.io/managed-by: kustomize
-    app.kubernetes.io/name: project-v4-multigroup-with-deploy-image
-    control-plane: controller-manager
-  name: project-v4-multigroup-with-deploy-image-controller-manager-metrics-service
-  namespace: project-v4-multigroup-with-deploy-image-system
-spec:
-  ports:
-  - name: http
-    port: 8080
-    protocol: TCP
-    targetPort: 8080
-  selector:
-    control-plane: controller-manager
----
-apiVersion: v1
-kind: Service
 metadata:
   labels:
     app.kubernetes.io/managed-by: kustomize

testdata/project-v4-multigroup/config/rbac/kustomization.yaml

@@ -9,7 +9,6 @@ resources:
 - role_binding.yaml
 - leader_election_role.yaml
 - leader_election_role_binding.yaml
-- metrics_service.yaml
 # For each CRD, "Editor" and "Viewer" roles are scaffolded by
 # default, aiding admins in cluster management. Those roles are
 # not used by the Project itself. You can comment the following lines

testdata/project-v4-multigroup/dist/install.yaml

@@ -1474,24 +1474,6 @@ subjects:
 ---
 apiVersion: v1
 kind: Service
-metadata:
-  labels:
-    app.kubernetes.io/managed-by: kustomize
-    app.kubernetes.io/name: project-v4-multigroup
-    control-plane: controller-manager
-  name: project-v4-multigroup-controller-manager-metrics-service
-  namespace: project-v4-multigroup-system
-spec:
-  ports:
-  - name: http
-    port: 8080
-    protocol: TCP
-    targetPort: 8080
-  selector:
-    control-plane: controller-manager
----
-apiVersion: v1
-kind: Service
 metadata:
   labels:
     app.kubernetes.io/managed-by: kustomize

testdata/project-v4-with-deploy-image/config/rbac/kustomization.yaml

@@ -9,7 +9,6 @@ resources:
 - role_binding.yaml
 - leader_election_role.yaml
 - leader_election_role_binding.yaml
-- metrics_service.yaml
 # For each CRD, "Editor" and "Viewer" roles are scaffolded by
 # default, aiding admins in cluster management. Those roles are
 # not used by the Project itself. You can comment the following lines

testdata/project-v4-with-deploy-image/dist/install.yaml

@@ -550,24 +550,6 @@ subjects:
 ---
 apiVersion: v1
 kind: Service
-metadata:
-  labels:
-    app.kubernetes.io/managed-by: kustomize
-    app.kubernetes.io/name: project-v4-with-deploy-image
-    control-plane: controller-manager
-  name: project-v4-with-deploy-image-controller-manager-metrics-service
-  namespace: project-v4-with-deploy-image-system
-spec:
-  ports:
-  - name: http
-    port: 8080
-    protocol: TCP
-    targetPort: 8080
-  selector:
-    control-plane: controller-manager
----
-apiVersion: v1
-kind: Service
 metadata:
   labels:
     app.kubernetes.io/managed-by: kustomize

testdata/project-v4-with-grafana/config/rbac/kustomization.yaml

@@ -9,4 +9,3 @@ resources:
 - role_binding.yaml
 - leader_election_role.yaml
 - leader_election_role_binding.yaml
-- metrics_service.yaml

testdata/project-v4-with-grafana/dist/install.yaml

@@ -107,24 +107,6 @@ subjects:
   name: project-v4-with-grafana-controller-manager
   namespace: project-v4-with-grafana-system
 ---
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app.kubernetes.io/managed-by: kustomize
-    app.kubernetes.io/name: project-v4-with-grafana
-    control-plane: controller-manager
-  name: project-v4-with-grafana-controller-manager-metrics-service
-  namespace: project-v4-with-grafana-system
-spec:
-  ports:
-  - name: http
-    port: 8080
-    protocol: TCP
-    targetPort: 8080
-  selector:
-    control-plane: controller-manager
----
 apiVersion: apps/v1
 kind: Deployment
 metadata:

testdata/project-v4/config/rbac/kustomization.yaml

@@ -9,7 +9,6 @@ resources:
 - role_binding.yaml
 - leader_election_role.yaml
 - leader_election_role_binding.yaml
-- metrics_service.yaml
 # For each CRD, "Editor" and "Viewer" roles are scaffolded by
 # default, aiding admins in cluster management. Those roles are
 # not used by the Project itself. You can comment the following lines