chore: add v0.6.x to metadata, fix metrics service

Part of #1070 Signed-off-by: Gerard de Leeuw <[email protected]> Signed-off-by: Andrey Smirnov <[email protected]>
siderolabs · Apr 7, 2023 · ef65ff0 · ef65ff0
1 parent e433504
commit ef65ff0
Show file tree

Hide file tree

Showing 10 changed files with 63 additions and 18 deletions.
diff --git a/app/caps-controller-manager/config/default/kustomization.yaml b/app/caps-controller-manager/config/default/kustomization.yaml
@@ -14,6 +14,7 @@ bases:
   - ../manager
 
 patchesStrategicMerge:
+  - manager_auth_proxy_patch.yaml
   - manager_webhook_patch.yaml
   - webhookcainjection_patch.yaml
 

diff --git a/app/caps-controller-manager/config/default/manager_auth_proxy_patch.yaml b/app/caps-controller-manager/config/default/manager_auth_proxy_patch.yaml
@@ -0,0 +1,21 @@
+# This patch inject a sidecar container which is an HTTP proxy for the controller manager,
+# it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews.
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: controller-manager
+  namespace: system
+spec:
+  template:
+    spec:
+      containers:
+        - name: kube-rbac-proxy
+          image: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.1
+          args:
+            - "--secure-listen-address=0.0.0.0:8443"
+            - "--upstream=http://127.0.0.1:8080/"
+            - "--logtostderr=true"
+            - "--v=10"
+          ports:
+            - containerPort: 8443
+              name: https
diff --git a/app/caps-controller-manager/config/prometheus/monitor.yaml b/app/caps-controller-manager/config/prometheus/monitor.yaml
@@ -1,4 +1,3 @@
-
 # Prometheus Monitor Service (Metrics)
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor

diff --git a/app/caps-controller-manager/config/rbac/auth_proxy_service.yaml b/app/caps-controller-manager/config/rbac/auth_proxy_service.yaml
@@ -7,8 +7,8 @@ metadata:
   namespace: system
 spec:
   ports:
-  - name: https
-    port: 8443
-    targetPort: https
+    - name: https
+      port: 8443
+      targetPort: https
   selector:
     control-plane: caps-controller-manager
diff --git a/app/caps-controller-manager/config/rbac/kustomization.yaml b/app/caps-controller-manager/config/rbac/kustomization.yaml
@@ -6,6 +6,6 @@ resources:
   # Comment the following 3 lines if you want to disable
   # the auth proxy (https://github.com/brancz/kube-rbac-proxy)
   # which protects your /metrics endpoint.
-  # - auth_proxy_service.yaml
-  # - auth_proxy_role.yaml
-  # - auth_proxy_role_binding.yaml
+  - auth_proxy_service.yaml
+  - auth_proxy_role.yaml
+  - auth_proxy_role_binding.yaml
diff --git a/app/sidero-controller-manager/config/kustomization.yaml b/app/sidero-controller-manager/config/kustomization.yaml
@@ -16,13 +16,13 @@ patchesStrategicMerge:
   # Protect the /metrics endpoint by putting it behind auth.
   # Only one of manager_auth_proxy_patch.yaml and
   # manager_prometheus_metrics_patch.yaml should be enabled.
-  #- manager_auth_proxy_patch.yaml
-    # If you want your controller-manager to expose the /metrics
-    # endpoint w/o any authn/z, uncomment the following line and
-    # comment manager_auth_proxy_patch.yaml.
-    # Only one of manager_auth_proxy_patch.yaml and
-    # manager_prometheus_metrics_patch.yaml should be enabled.
-#- manager_prometheus_metrics_patch.yaml
+  - manager_auth_proxy_patch.yaml
+  # If you want your controller-manager to expose the /metrics
+  # endpoint w/o any authn/z, uncomment the following line and
+  # comment manager_auth_proxy_patch.yaml.
+  # Only one of manager_auth_proxy_patch.yaml and
+  # manager_prometheus_metrics_patch.yaml should be enabled.
+  #- manager_prometheus_metrics_patch.yaml
   - manager_webhook_patch.yaml
   - webhookcainjection_patch.yaml
 vars:

diff --git a/app/sidero-controller-manager/config/manager_auth_proxy_patch.yaml b/app/sidero-controller-manager/config/manager_auth_proxy_patch.yaml
@@ -0,0 +1,21 @@
+# This patch inject a sidecar container which is an HTTP proxy for the controller manager,
+# it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews.
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: controller-manager
+  namespace: system
+spec:
+  template:
+    spec:
+      containers:
+        - name: kube-rbac-proxy
+          image: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.1
+          args:
+            - "--secure-listen-address=0.0.0.0:8443"
+            - "--upstream=http://127.0.0.1:8080/"
+            - "--logtostderr=true"
+            - "--v=10"
+          ports:
+            - containerPort: 8443
+              name: https
diff --git a/app/sidero-controller-manager/config/prometheus/monitor.yaml b/app/sidero-controller-manager/config/prometheus/monitor.yaml
@@ -3,12 +3,12 @@ apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
   labels:
-    control-plane: caps-controller-manager
+    control-plane: sidero-controller-manager
   name: metrics-monitor
   namespace: system
 spec:
   endpoints:
     - path: /metrics
       port: https
   selector:
-    control-plane: caps-controller-manager
+    control-plane: sidero-controller-manager
diff --git a/app/sidero-controller-manager/config/rbac/auth_proxy_service.yaml b/app/sidero-controller-manager/config/rbac/auth_proxy_service.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
   labels:
-    control-plane: caps-controller-manager
+    control-plane: sidero-controller-manager
   name: controller-manager-metrics-service
   namespace: system
 spec:
@@ -11,4 +11,4 @@ spec:
       port: 8443
       targetPort: https
   selector:
-    control-plane: caps-controller-manager
+    control-plane: sidero-controller-manager
diff --git a/config/metadata/metadata.yaml b/config/metadata/metadata.yaml
@@ -16,3 +16,6 @@ releaseSeries:
   - major: 0
     minor: 5
     contract: v1beta1
+  - major: 0
+    minor: 6
+    contract: v1beta1