Fix API Server url for Managed EKS

Signed-off-by: QuentinBisson <[email protected]>
giantswarm · Sep 20, 2023 · 7357ce0 · 7357ce0
1 parent 75f55c2
commit 7357ce0
Show file tree

Hide file tree

Showing 5 changed files with 28 additions and 19 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Fixed
+
+- Fix api server url in case the CAPI provider sets https prefix in the CAPI CR status.
+
 ## [4.48.0] - 2023-09-19
 
 ### Changed

diff --git a/files/templates/scrapeconfigs/_apiserver.yaml b/files/templates/scrapeconfigs/_apiserver.yaml
@@ -1,6 +1,6 @@
 [[- define "_apiserver" -]]
 [[- if ne .ClusterType "management_cluster" ]]
-    api_server: https://[[ .APIServerURL ]]
+    api_server: [[ .APIServerURL ]]
 [[- if eq .AuthenticationType "token" ]]
     bearer_token_file: /etc/prometheus/secrets/[[ .SecretName ]]/token
 [[- end ]]

diff --git a/files/templates/scrapeconfigs/additional-scrape-configs.template.yaml b/files/templates/scrapeconfigs/additional-scrape-configs.template.yaml
@@ -29,7 +29,7 @@
 [[- include "_tlsconfig" . ]]
   relabel_configs:
   - target_label: __address__
-    replacement: [[ .APIServerURL ]]
+    replacement: [[ trimPrefix "https://" .APIServerURL ]]
   - source_labels: [__meta_kubernetes_node_name]
     target_label: __metrics_path__
     replacement: /api/v1/nodes/${1}:9323/proxy/metrics
@@ -81,7 +81,7 @@
   - source_labels: [__address__]
     target_label: instance
   - target_label: __address__
-    replacement: [[ .APIServerURL ]]
+    replacement: [[ trimPrefix "https://" .APIServerURL ]]
   - source_labels: [__meta_kubernetes_node_name]
     target_label: __metrics_path__
     replacement: /api/v1/nodes/${1}:10250/proxy/metrics
@@ -109,7 +109,7 @@
   - source_labels: [__address__]
     target_label: instance
   - target_label: __address__
-    replacement: [[ .APIServerURL ]]
+    replacement: [[ trimPrefix "https://" .APIServerURL ]]
   - source_labels: [__meta_kubernetes_node_name]
     target_label: __metrics_path__
     replacement: /api/v1/nodes/${1}:10250/proxy/metrics/cadvisor
@@ -151,7 +151,7 @@
     replacement: ${1}:9091
     target_label: instance
   - target_label: __address__
-    replacement: [[ .APIServerURL ]]
+    replacement: [[ trimPrefix "https://" .APIServerURL ]]
   - source_labels: [__meta_kubernetes_pod_name]
     regex: (calico-node.*)
     target_label: __metrics_path__
@@ -192,7 +192,7 @@
     regex: (etcd)
     action: keep
   - target_label: __address__
-    replacement: [[ .APIServerURL ]]
+    replacement: [[ trimPrefix "https://" .APIServerURL ]]
   - source_labels: [__meta_kubernetes_pod_name]
     target_label: __metrics_path__
     replacement: /api/v1/namespaces/kube-system/pods/${1}:2381/proxy/metrics
@@ -267,7 +267,7 @@
     regex: (k8s-controller-manager|kube-controller-manager)
     action: keep
   - target_label: __address__
-    replacement: [[ .APIServerURL ]]
+    replacement: [[ trimPrefix "https://" .APIServerURL ]]
   - source_labels: [__meta_kubernetes_pod_name, __tmp_port]
     target_label: __metrics_path__
     regex: (.+);(\d+)
@@ -319,7 +319,7 @@
     regex: (k8s-scheduler|kube-scheduler)
     action: keep
   - target_label: __address__
-    replacement: [[ .APIServerURL ]]
+    replacement: [[ trimPrefix "https://" .APIServerURL ]]
   - source_labels: [__meta_kubernetes_pod_name, __tmp_port]
     target_label: __metrics_path__
     regex: (.+);(\d+)
@@ -357,7 +357,7 @@
     regex: (kube-proxy.*)
     action: keep
   - target_label: __address__
-    replacement: [[ .APIServerURL ]]
+    replacement: [[ trimPrefix "https://" .APIServerURL ]]
   - source_labels: [__meta_kubernetes_pod_name]
     regex: (kube-proxy.*)
     target_label: __metrics_path__
@@ -390,7 +390,7 @@
     regex: coredns
     action: keep
   - target_label: __address__
-    replacement: [[ .APIServerURL ]]
+    replacement: [[ trimPrefix "https://" .APIServerURL ]]
   - source_labels: [__meta_kubernetes_pod_name]
     regex: (coredns.*)
     target_label: __metrics_path__
@@ -430,7 +430,7 @@
     regex: cert-exporter
     action: keep
   - target_label: __address__
-    replacement: [[ .APIServerURL ]]
+    replacement: [[ trimPrefix "https://" .APIServerURL ]]
   - source_labels: [__meta_kubernetes_pod_name]
     regex: (cert-exporter.*)
     target_label: __metrics_path__
@@ -453,7 +453,7 @@
 [[- include "_tlsconfig_skip" . ]]
   relabel_configs:
   - target_label: __address__
-    replacement: [[ .APIServerURL ]]
+    replacement: [[ trimPrefix "https://" .APIServerURL ]]
   - source_labels: [__meta_kubernetes_pod_name]
     regex: (node-exporter.*)
     target_label: __metrics_path__
@@ -514,7 +514,7 @@
     action: replace
   - regex: (.*)
     target_label: __address__
-    replacement: [[ .APIServerURL ]]
+    replacement: [[ trimPrefix "https://" .APIServerURL ]]
     action: replace
   - source_labels: [__meta_kubernetes_service_name]
     regex: (.*)
@@ -831,7 +831,7 @@
     target_label: instance
     replacement: ${1}:10254
   - target_label: __address__
-    replacement: [[ .APIServerURL ]]
+    replacement: [[ trimPrefix "https://" .APIServerURL ]]
   - target_label: app
     replacement: nginx-ingress-controller
   - source_labels: [__meta_kubernetes_pod_name]

diff --git a/service/controller/resource/monitoring/prometheus/resource.go b/service/controller/resource/monitoring/prometheus/resource.go
@@ -262,7 +262,7 @@ func toPrometheus(ctx context.Context, v interface{}, config Config) (metav1.Obj
 	if !key.IsManagementCluster(config.Installation, cluster) {
 		// Workload cluster
 		prometheus.Spec.APIServerConfig = &promv1.APIServerConfig{
-			Host: fmt.Sprintf("https://%s", key.APIUrl(cluster)),
+			Host: key.APIUrl(cluster),
 			TLSConfig: &promv1.TLSConfig{
 				CAFile: fmt.Sprintf("/etc/prometheus/secrets/%s/ca", key.APIServerCertificatesSecretName),
 			},
@@ -317,7 +317,7 @@ func toPrometheus(ctx context.Context, v interface{}, config Config) (metav1.Obj
 	} else {
 		// Management cluster
 		prometheus.Spec.APIServerConfig = &promv1.APIServerConfig{
-			Host:            fmt.Sprintf("https://%s", key.APIUrl(cluster)),
+			Host:            key.APIUrl(cluster),
 			BearerTokenFile: key.BearerTokenPath,
 			TLSConfig: &promv1.TLSConfig{
 				CAFile: key.CAFilePath,

diff --git a/service/key/key.go b/service/key/key.go
@@ -5,6 +5,7 @@ import (
 	"errors"
 	"fmt"
 	"math"
+	"strings"
 
 	"github.com/giantswarm/k8sclient/v7/pkg/k8sclient"
 	"github.com/giantswarm/microerror"
@@ -270,11 +271,15 @@ func AlertmanagerKey() string {
 func APIUrl(obj interface{}) string {
 	switch v := obj.(type) {
 	case *v1.Service:
-		return "kubernetes.default:443"
+		return "https://kubernetes.default:443"
 	case *capi.Cluster:
-		return fmt.Sprintf("%s:%d", v.Spec.ControlPlaneEndpoint.Host, v.Spec.ControlPlaneEndpoint.Port)
+		controlPlaneEndpointHost := v.Spec.ControlPlaneEndpoint.Host
+		if !strings.HasPrefix(controlPlaneEndpointHost, "https://") {
+			controlPlaneEndpointHost = "https://" + controlPlaneEndpointHost
+		}
+		return fmt.Sprintf("%s:%d", controlPlaneEndpointHost, v.Spec.ControlPlaneEndpoint.Port)
 	case metav1.Object:
-		return fmt.Sprintf("master.%s:443", v.GetName())
+		return fmt.Sprintf("https://master.%s:443", v.GetName())
 	}
 
 	return ""