forked from elastic/cloud-on-k8s
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Remove kube-rbac-proxy (elastic#8302)
This removes the kube-auth-proxy from the ECK Helm charts and the ECK documentation. Instead it follows the recommendation from controller-runtime to use the built-in FilterProvider filters.WithAuthenticationAndAuthorization. This pulls in a bunch of k8s API server dependencies increasing the binary size by about 12MB IIRC.

I have also tried to address some issues with our current Helm templating of the metrics server:
- allow enabling the secure mode with TLS+auth while not forcing users to have Prometheus installed e.g. when using Elastic Agent (!) (service monitor is still generated by default for bwc)
- mixing configuration properties for the service monitor with the configuration properties of the metrics server (I moved them to serviceMonitor.* while implementing a form of bwc layer in the template)

---------

Co-authored-by: Michael Montgomery <mmontg1@gmail.com>
Co-authored-by: Michael Morello <michael.morello@elastic.co>

(cherry picked from commit 032bff5)

# Conflicts:
# go.sum
Showing 17 changed files with 3,579 additions and 1,010 deletions.
79 changes: 79 additions & 0 deletions
deploy/eck-operator/templates/tests/service-monitor_test.yaml
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,79 @@ | ||
# yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json | ||
suite: test operator service monitor | ||
templates: | ||
- service-monitor.yaml | ||
tests: | ||
- it: default service monitor | ||
set: | ||
config: | ||
metrics: | ||
secureMode: | ||
enabled: true | ||
asserts: | ||
- template: service-monitor.yaml | ||
equal: | ||
path: spec | ||
value: | ||
endpoints: | ||
- bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token | ||
interval: 30s | ||
path: /metrics | ||
port: https | ||
scheme: https | ||
tlsConfig: | ||
insecureSkipVerify: true | ||
namespaceSelector: | ||
matchNames: | ||
- NAMESPACE | ||
selector: | ||
matchLabels: | ||
app.kubernetes.io/instance: RELEASE-NAME | ||
app.kubernetes.io/name: elastic-operator-metrics-service | ||
- it: legacy values | ||
set: | ||
config: | ||
metrics: | ||
secureMode: | ||
enabled: true | ||
tls: | ||
insecureSkipVerify: false | ||
caSecret: metrics-ca | ||
caMountDirectory: /etc/custom-ca/ | ||
asserts: | ||
- template: service-monitor.yaml | ||
equal: | ||
path: spec.endpoints[0].tlsConfig | ||
value: | ||
caFile: /etc/custom-ca/metrics-ca/ca.crt | ||
insecureSkipVerify: false | ||
serverName: elastic-operator-metrics.NAMESPACE.svc | ||
- it: serviceMonitor values | ||
set: | ||
config: | ||
metrics: | ||
secureMode: | ||
enabled: true | ||
serviceMonitor: | ||
insecureSkipVerify: false | ||
caSecret: metrics-ca | ||
caMountDirectory: /etc/custom-ca/ | ||
asserts: | ||
- template: service-monitor.yaml | ||
equal: | ||
path: spec.endpoints[0].tlsConfig | ||
value: | ||
caFile: /etc/custom-ca/metrics-ca/ca.crt | ||
insecureSkipVerify: false | ||
serverName: elastic-operator-metrics.NAMESPACE.svc | ||
- it: secure mode without service monitor | ||
set: | ||
serviceMonitor: | ||
enabled: false | ||
config: | ||
metrics: | ||
secureMode: | ||
enabled: true | ||
asserts: | ||
- template: service-monitor.yaml | ||
hasDocuments: | ||
count: 0 |
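
Review bot: The `default service monitor` case pins `insecureSkipVerify: true` on the same endpoint that sends `bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token`, so with only `secureMode.enabled: true` set, the rendered scrape config presents the service account token over a TLS connection whose server certificate is not verified. If that default is intentional, state the reason in a comment on this test and in the values documentation, and point users to `serviceMonitor.caSecret` with `insecureSkipVerify: false`, as exercised in the `serviceMonitor values` case. The suite also has no case that sets both `config.metrics.secureMode.tls.*` and `serviceMonitor.*` with different values, so which key wins is not covered; add one that asserts the expected precedence.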