restore some files

Signed-off-by: Ruben Vargas <[email protected]>
grafana · Jan 16, 2025 · aad0208 · aad0208
1 parent 9416ebe
commit aad0208
Show file tree

Hide file tree

Showing 18 changed files with 90 additions and 307 deletions.
diff --git a/Makefile b/Makefile
@@ -389,7 +389,7 @@ e2e:
 
 .PHONY: test-operator-metrics
 test-operator-metrics:
-	$(CHAINSAW) test --test-dir ./tests/operator-metrics
+	$(CHAINSAW) test --test-dir ./tests/operator-metrics --skip-delete
 
 # OpenShift end-to-tests
 .PHONY: e2e-openshift

diff --git a/bundle/community/manifests/tempo-operator-manager-config_v1_configmap.yaml b/bundle/community/manifests/tempo-operator-manager-config_v1_configmap.yaml
@@ -7,7 +7,8 @@ data:
     health:
       healthProbeBindAddress: :8081
     metrics:
-      bindAddress: 127.0.0.1:8080
+      secure: true
+      bindAddress: 127.0.0.1:8443
     webhook:
       port: 9443
     leaderElection:

diff --git a/bundle/community/manifests/tempo-operator.clusterserviceversion.yaml b/bundle/community/manifests/tempo-operator.clusterserviceversion.yaml
@@ -74,7 +74,7 @@ metadata:
     capabilities: Deep Insights
     categories: Logging & Tracing,Monitoring
     containerImage: ghcr.io/grafana/tempo-operator/tempo-operator:v0.14.2
-    createdAt: "2025-01-16T04:08:00Z"
+    createdAt: "2025-01-16T06:22:45Z"
     description: Create and manage deployments of Tempo, a high-scale distributed
       tracing backend.
     operatorframework.io/cluster-monitoring: "true"
@@ -1491,7 +1491,6 @@ spec:
                 - --zap-log-level=info
                 - start
                 - --config=controller_manager_config.yaml
-                - --metrics-bind-address=:8443
                 env:
                 - name: RELATED_IMAGE_TEMPO
                   value: docker.io/grafana/tempo:2.6.1
@@ -1517,6 +1516,9 @@ spec:
                 - containerPort: 9443
                   name: webhook-server
                   protocol: TCP
+                - containerPort: 8443
+                  name: https
+                  protocol: TCP
                 readinessProbe:
                   httpGet:
                     path: /readyz

diff --git a/bundle/openshift/manifests/tempo-operator-manager-config_v1_configmap.yaml b/bundle/openshift/manifests/tempo-operator-manager-config_v1_configmap.yaml
@@ -7,7 +7,8 @@ data:
     health:
       healthProbeBindAddress: :8081
     metrics:
-      bindAddress: 127.0.0.1:8080
+      secure: true
+      bindAddress: 127.0.0.1:8443
     webhook:
       port: 9443
     leaderElection:

diff --git a/bundle/openshift/manifests/tempo-operator.clusterserviceversion.yaml b/bundle/openshift/manifests/tempo-operator.clusterserviceversion.yaml
@@ -74,7 +74,7 @@ metadata:
     capabilities: Deep Insights
     categories: Logging & Tracing,Monitoring
     containerImage: ghcr.io/grafana/tempo-operator/tempo-operator:v0.14.2
-    createdAt: "2025-01-16T04:07:58Z"
+    createdAt: "2025-01-16T06:22:43Z"
     description: Create and manage deployments of Tempo, a high-scale distributed
       tracing backend.
     operatorframework.io/cluster-monitoring: "true"
@@ -1501,7 +1501,6 @@ spec:
                 - --zap-log-level=info
                 - start
                 - --config=controller_manager_config.yaml
-                - --metrics-bind-address=:8443
                 - --metrics-tls-private-key-file=/var/run/tls/server/tls.key
                 - --metrics-tls-cert-file=/var/run/tls/server/tls.crt
                 env:
@@ -1529,6 +1528,9 @@ spec:
                 - containerPort: 9443
                   name: webhook-server
                   protocol: TCP
+                - containerPort: 8443
+                  name: https
+                  protocol: TCP
                 readinessProbe:
                   httpGet:
                     path: /readyz

diff --git a/cmd/start/main.go b/cmd/start/main.go
@@ -32,7 +32,6 @@ func start(c *cobra.Command, args []string) {
 	version := version.Get()
 
 	options.PprofBindAddress, _ = c.Flags().GetString("pprof-addr")
-	options.Metrics.BindAddress, _ = c.Flags().GetString("metrics-bind-address")
 	options.Metrics.CertName, _ = c.Flags().GetString("metrics-tls-cert-file")
 	options.Metrics.KeyName, _ = c.Flags().GetString("metrics-tls-private-key-file")
 
@@ -163,7 +162,6 @@ func NewStartCommand() *cobra.Command {
 		Run:   start,
 	}
 	cmd.Flags().String("pprof-addr", "", "The address the pprof server binds to. Default is empty string which disables the pprof server.")
-	cmd.Flags().String("metrics-bind-address", ":8443", "Metrics binding address")
 	cmd.Flags().String("metrics-tls-cert-file", "", "TLS certificate used by metrics server")
 	cmd.Flags().String("metrics-tls-private-key-file", "", "TLS key used by metrics server")
 	return cmd

diff --git a/config/certmanager/certificate.yaml b/config/certmanager/certificate.yaml
@@ -15,11 +15,10 @@ metadata:
   name: serving-cert  # this name should match the one appeared in kustomizeconfig.yaml
   namespace: system
 spec:
-  # SERVICE_NAME and SERVICE_NAMESPACE will be substituted by kustomize
-  # replacements in the config/default/kustomization.yaml file.
+  # $(SERVICE_NAME) and $(SERVICE_NAMESPACE) will be substituted by kustomize
   dnsNames:
-    - SERVICE_NAME.SERVICE_NAMESPACE.svc
-    - SERVICE_NAME.SERVICE_NAMESPACE.svc.cluster.local
+  - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc
+  - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc.cluster.local
   issuerRef:
     kind: Issuer
     name: selfsigned-issuer

diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml
@@ -1,29 +1,52 @@
-resources:
+bases:
 - ../crd
 - ../rbac
 - ../manager
 - ../webhook
 - ../certmanager
 # [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
 #- ../prometheus
-- metrics_service.yaml
 
-patches:
+patchesStrategicMerge:
+
 # Mount the controller config file for loading manager configurations
 # through a ComponentConfig type
-- path: manager_config_patch.yaml
-
-- path: manager_metrics_patch.yaml
-  target:
-    kind: Deployment
-
+- manager_config_patch.yaml
 
 # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
 # crd/kustomization.yaml
-- path: manager_webhook_patch.yaml
+- manager_webhook_patch.yaml
 
 # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'.
 # Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks.
 # 'CERTMANAGER' needs to be enabled to use ca injection
-#- path: webhookcainjection_patch.yaml
+- webhookcainjection_patch.yaml
 
+# the following config is for teaching kustomize how to do var substitution
+vars:
+- name: CERTIFICATE_NAMESPACE # namespace of the certificate CR
+  objref:
+    kind: Certificate
+    group: cert-manager.io
+    version: v1
+    name: serving-cert # this name should match the one in certificate.yaml
+  fieldref:
+    fieldpath: metadata.namespace
+- name: CERTIFICATE_NAME
+  objref:
+    kind: Certificate
+    group: cert-manager.io
+    version: v1
+    name: serving-cert # this name should match the one in certificate.yaml
+- name: SERVICE_NAMESPACE # namespace of the service
+  objref:
+    kind: Service
+    version: v1
+    name: webhook-service
+  fieldref:
+    fieldpath: metadata.namespace
+- name: SERVICE_NAME
+  objref:
+    kind: Service
+    version: v1
+    name: webhook-service
diff --git a/config/default/manager_config_patch.yaml b/config/default/manager_config_patch.yaml
@@ -16,6 +16,10 @@ spec:
         - name: manager-config
           mountPath: /controller_manager_config.yaml
           subPath: controller_manager_config.yaml
+        ports:
+        - containerPort: 8443
+          name: https
+          protocol: TCP
       volumes:
       - name: manager-config
         configMap:

diff --git a/config/default/manager_metrics_patch.yaml b/config/default/manager_metrics_patch.yaml
diff --git a/config/default/webhookcainjection_patch.yaml b/config/default/webhookcainjection_patch.yaml
@@ -0,0 +1,15 @@
+# This patch add annotation to admission webhook config and
+# the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize.
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+  name: mutating-webhook-configuration
+  annotations:
+    cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+  name: validating-webhook-configuration
+  annotations:
+    cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
diff --git a/config/overlays/community/controller_manager_config.yaml b/config/overlays/community/controller_manager_config.yaml
@@ -4,7 +4,8 @@ distribution: community
 health:
   healthProbeBindAddress: :8081
 metrics:
-  bindAddress: 127.0.0.1:8080
+  secure: true
+  bindAddress: 127.0.0.1:8443
 webhook:
   port: 9443
 leaderElection:

diff --git a/config/overlays/community/kustomization.yaml b/config/overlays/community/kustomization.yaml
@@ -25,141 +25,3 @@ configMapGenerator:
 - files:
   - controller_manager_config.yaml
   name: manager-config
-
-replacements:
-  - source: # Uncomment the following block to enable certificates for metrics
-      kind: Service
-      version: v1
-      name: controller-manager-metrics-service
-      fieldPath: metadata.name
-    targets:
-      - select:
-          kind: Certificate
-          group: cert-manager.io
-          version: v1
-          name: metrics-certs
-        fieldPaths:
-          - spec.dnsNames.0
-          - spec.dnsNames.1
-        options:
-          delimiter: '.'
-          index: 0
-          create: true
-
-  - source:
-      kind: Service
-      version: v1
-      name: controller-manager-metrics-service
-      fieldPath: metadata.namespace
-    targets:
-      - select:
-          kind: Certificate
-          group: cert-manager.io
-          version: v1
-          name: metrics-certs
-        fieldPaths:
-          - spec.dnsNames.0
-          - spec.dnsNames.1
-        options:
-          delimiter: '.'
-          index: 1
-          create: true
-
-  - source: # Uncomment the following block if you have any webhook
-      kind: Service
-      version: v1
-      name: webhook-service
-      fieldPath: .metadata.name # Name of the service
-    targets:
-      - select:
-          kind: Certificate
-          group: cert-manager.io
-          version: v1
-          name: serving-cert
-        fieldPaths:
-          - .spec.dnsNames.0
-          - .spec.dnsNames.1
-        options:
-          delimiter: '.'
-          index: 0
-          create: true
-  - source:
-      kind: Service
-      version: v1
-      name: webhook-service
-      fieldPath: .metadata.namespace # Namespace of the service
-    targets:
-      - select:
-          kind: Certificate
-          group: cert-manager.io
-          version: v1
-          name: serving-cert
-        fieldPaths:
-          - .spec.dnsNames.0
-          - .spec.dnsNames.1
-        options:
-          delimiter: '.'
-          index: 1
-          create: true
-
-  - source: # Uncomment the following block if you have a ValidatingWebhook (--programmatic-validation)
-      kind: Certificate
-      group: cert-manager.io
-      version: v1
-      name: serving-cert # This name should match the one in certificate.yaml
-      fieldPath: .metadata.namespace # Namespace of the certificate CR
-    targets:
-      - select:
-          kind: ValidatingWebhookConfiguration
-        fieldPaths:
-          - .metadata.annotations.[cert-manager.io/inject-ca-from]
-        options:
-          delimiter: '/'
-          index: 0
-          create: true
-  - source:
-      kind: Certificate
-      group: cert-manager.io
-      version: v1
-      name: serving-cert
-      fieldPath: .metadata.name
-    targets:
-      - select:
-          kind: ValidatingWebhookConfiguration
-        fieldPaths:
-          - .metadata.annotations.[cert-manager.io/inject-ca-from]
-        options:
-          delimiter: '/'
-          index: 1
-          create: true
-
-  - source: # Uncomment the following block if you have a DefaultingWebhook (--defaulting )
-      kind: Certificate
-      group: cert-manager.io
-      version: v1
-      name: serving-cert
-      fieldPath: .metadata.namespace # Namespace of the certificate CR
-    targets:
-      - select:
-          kind: MutatingWebhookConfiguration
-        fieldPaths:
-          - .metadata.annotations.[cert-manager.io/inject-ca-from]
-        options:
-          delimiter: '/'
-          index: 0
-          create: true
-  - source:
-      kind: Certificate
-      group: cert-manager.io
-      version: v1
-      name: serving-cert
-      fieldPath: .metadata.name
-    targets:
-      - select:
-          kind: MutatingWebhookConfiguration
-        fieldPaths:
-          - .metadata.annotations.[cert-manager.io/inject-ca-from]
-        options:
-          delimiter: '/'
-          index: 1
-          create: true
diff --git a/config/overlays/openshift/controller_manager_config.yaml b/config/overlays/openshift/controller_manager_config.yaml
@@ -4,7 +4,8 @@ distribution: openshift
 health:
   healthProbeBindAddress: :8081
 metrics:
-  bindAddress: 127.0.0.1:8080
+  secure: true
+  bindAddress: 127.0.0.1:8443
 webhook:
   port: 9443
 leaderElection: