From d3eab396be2c5f848b94101e8556dcbcafa8050a Mon Sep 17 00:00:00 2001 From: Camila Macedo <7708031+camilamacedo86@users.noreply.github.com> Date: Tue, 11 Feb 2025 06:25:28 +0000 Subject: [PATCH] (go/v4,helm/v1-alpha): Fix prometheus integration with TLS check --- .../testdata/project/config/prometheus/monitor_tls_patch.yaml | 1 + .../project/dist/chart/templates/prometheus/monitor.yaml | 1 + .../book/src/cronjob-tutorial/testdata/project/dist/install.yaml | 1 + .../testdata/project/config/prometheus/monitor_tls_patch.yaml | 1 + .../project/dist/chart/templates/prometheus/monitor.yaml | 1 + .../testdata/project/config/prometheus/monitor_tls_patch.yaml | 1 + .../project/dist/chart/templates/prometheus/monitor.yaml | 1 + .../src/multiversion-tutorial/testdata/project/dist/install.yaml | 1 + .../internal/templates/config/prometheus/monitor_tls_patch.go | 1 + .../internal/templates/chart-templates/prometheus/monitor.go | 1 + .../config/prometheus/monitor_tls_patch.yaml | 1 + .../config/prometheus/monitor_tls_patch.yaml | 1 + .../dist/chart/templates/prometheus/monitor.yaml | 1 + testdata/project-v4/config/prometheus/monitor_tls_patch.yaml | 1 + 14 files changed, 14 insertions(+) diff --git a/docs/book/src/cronjob-tutorial/testdata/project/config/prometheus/monitor_tls_patch.yaml b/docs/book/src/cronjob-tutorial/testdata/project/config/prometheus/monitor_tls_patch.yaml index e824dd0ff86..a5e0f96d33d 100644 --- a/docs/book/src/cronjob-tutorial/testdata/project/config/prometheus/monitor_tls_patch.yaml +++ b/docs/book/src/cronjob-tutorial/testdata/project/config/prometheus/monitor_tls_patch.yaml @@ -8,6 +8,7 @@ metadata: spec: endpoints: - tlsConfig: + serverName: project-controller-manager-metrics-service.system.svc insecureSkipVerify: false ca: secret: diff --git a/docs/book/src/cronjob-tutorial/testdata/project/dist/chart/templates/prometheus/monitor.yaml b/docs/book/src/cronjob-tutorial/testdata/project/dist/chart/templates/prometheus/monitor.yaml index 2ff384a1435..78d68d06f22 100644 --- a/docs/book/src/cronjob-tutorial/testdata/project/dist/chart/templates/prometheus/monitor.yaml +++ b/docs/book/src/cronjob-tutorial/testdata/project/dist/chart/templates/prometheus/monitor.yaml @@ -15,6 +15,7 @@ spec: bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token tlsConfig: {{- if .Values.certmanager.enable }} + serverName: project-controller-manager-metrics-service.{{ .Release.Namespace }}.svc # Apply secure TLS configuration with cert-manager insecureSkipVerify: false ca: diff --git a/docs/book/src/cronjob-tutorial/testdata/project/dist/install.yaml b/docs/book/src/cronjob-tutorial/testdata/project/dist/install.yaml index a240adc8607..66459f07199 100644 --- a/docs/book/src/cronjob-tutorial/testdata/project/dist/install.yaml +++ b/docs/book/src/cronjob-tutorial/testdata/project/dist/install.yaml @@ -4289,6 +4289,7 @@ spec: keySecret: key: tls.key name: metrics-server-cert + serverName: project-controller-manager-metrics-service.system.svc selector: matchLabels: app.kubernetes.io/name: project diff --git a/docs/book/src/getting-started/testdata/project/config/prometheus/monitor_tls_patch.yaml b/docs/book/src/getting-started/testdata/project/config/prometheus/monitor_tls_patch.yaml index e824dd0ff86..a5e0f96d33d 100644 --- a/docs/book/src/getting-started/testdata/project/config/prometheus/monitor_tls_patch.yaml +++ b/docs/book/src/getting-started/testdata/project/config/prometheus/monitor_tls_patch.yaml @@ -8,6 +8,7 @@ metadata: spec: endpoints: - tlsConfig: + serverName: project-controller-manager-metrics-service.system.svc insecureSkipVerify: false ca: secret: diff --git a/docs/book/src/getting-started/testdata/project/dist/chart/templates/prometheus/monitor.yaml b/docs/book/src/getting-started/testdata/project/dist/chart/templates/prometheus/monitor.yaml index 2ff384a1435..78d68d06f22 100644 --- a/docs/book/src/getting-started/testdata/project/dist/chart/templates/prometheus/monitor.yaml +++ b/docs/book/src/getting-started/testdata/project/dist/chart/templates/prometheus/monitor.yaml @@ -15,6 +15,7 @@ spec: bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token tlsConfig: {{- if .Values.certmanager.enable }} + serverName: project-controller-manager-metrics-service.{{ .Release.Namespace }}.svc # Apply secure TLS configuration with cert-manager insecureSkipVerify: false ca: diff --git a/docs/book/src/multiversion-tutorial/testdata/project/config/prometheus/monitor_tls_patch.yaml b/docs/book/src/multiversion-tutorial/testdata/project/config/prometheus/monitor_tls_patch.yaml index e824dd0ff86..a5e0f96d33d 100644 --- a/docs/book/src/multiversion-tutorial/testdata/project/config/prometheus/monitor_tls_patch.yaml +++ b/docs/book/src/multiversion-tutorial/testdata/project/config/prometheus/monitor_tls_patch.yaml @@ -8,6 +8,7 @@ metadata: spec: endpoints: - tlsConfig: + serverName: project-controller-manager-metrics-service.system.svc insecureSkipVerify: false ca: secret: diff --git a/docs/book/src/multiversion-tutorial/testdata/project/dist/chart/templates/prometheus/monitor.yaml b/docs/book/src/multiversion-tutorial/testdata/project/dist/chart/templates/prometheus/monitor.yaml index 2ff384a1435..78d68d06f22 100644 --- a/docs/book/src/multiversion-tutorial/testdata/project/dist/chart/templates/prometheus/monitor.yaml +++ b/docs/book/src/multiversion-tutorial/testdata/project/dist/chart/templates/prometheus/monitor.yaml @@ -15,6 +15,7 @@ spec: bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token tlsConfig: {{- if .Values.certmanager.enable }} + serverName: project-controller-manager-metrics-service.{{ .Release.Namespace }}.svc # Apply secure TLS configuration with cert-manager insecureSkipVerify: false ca: diff --git a/docs/book/src/multiversion-tutorial/testdata/project/dist/install.yaml b/docs/book/src/multiversion-tutorial/testdata/project/dist/install.yaml index 0f6e2f94388..f42817818be 100644 --- a/docs/book/src/multiversion-tutorial/testdata/project/dist/install.yaml +++ b/docs/book/src/multiversion-tutorial/testdata/project/dist/install.yaml @@ -8135,6 +8135,7 @@ spec: keySecret: key: tls.key name: metrics-server-cert + serverName: project-controller-manager-metrics-service.system.svc selector: matchLabels: app.kubernetes.io/name: project diff --git a/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/prometheus/monitor_tls_patch.go b/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/prometheus/monitor_tls_patch.go index b134911a7e1..66788a00077 100644 --- a/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/prometheus/monitor_tls_patch.go +++ b/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/prometheus/monitor_tls_patch.go @@ -52,6 +52,7 @@ metadata: spec: endpoints: - tlsConfig: + serverName: {{ .ProjectName }}-controller-manager-metrics-service.system.svc insecureSkipVerify: false ca: secret: diff --git a/pkg/plugins/optional/helm/v1alpha/scaffolds/internal/templates/chart-templates/prometheus/monitor.go b/pkg/plugins/optional/helm/v1alpha/scaffolds/internal/templates/chart-templates/prometheus/monitor.go index 8acd4d6ae15..a4e90fb66c9 100644 --- a/pkg/plugins/optional/helm/v1alpha/scaffolds/internal/templates/chart-templates/prometheus/monitor.go +++ b/pkg/plugins/optional/helm/v1alpha/scaffolds/internal/templates/chart-templates/prometheus/monitor.go @@ -59,6 +59,7 @@ spec: bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token tlsConfig: {{ "{{- if .Values.certmanager.enable }}" }} + serverName: {{ .ProjectName }}-controller-manager-metrics-service.{{ "{{ .Release.Namespace }}" }}.svc # Apply secure TLS configuration with cert-manager insecureSkipVerify: false ca: diff --git a/testdata/project-v4-multigroup/config/prometheus/monitor_tls_patch.yaml b/testdata/project-v4-multigroup/config/prometheus/monitor_tls_patch.yaml index e824dd0ff86..7ae8caa6b1e 100644 --- a/testdata/project-v4-multigroup/config/prometheus/monitor_tls_patch.yaml +++ b/testdata/project-v4-multigroup/config/prometheus/monitor_tls_patch.yaml @@ -8,6 +8,7 @@ metadata: spec: endpoints: - tlsConfig: + serverName: project-v4-multigroup-controller-manager-metrics-service.system.svc insecureSkipVerify: false ca: secret: diff --git a/testdata/project-v4-with-plugins/config/prometheus/monitor_tls_patch.yaml b/testdata/project-v4-with-plugins/config/prometheus/monitor_tls_patch.yaml index e824dd0ff86..bb380b3f9dd 100644 --- a/testdata/project-v4-with-plugins/config/prometheus/monitor_tls_patch.yaml +++ b/testdata/project-v4-with-plugins/config/prometheus/monitor_tls_patch.yaml @@ -8,6 +8,7 @@ metadata: spec: endpoints: - tlsConfig: + serverName: project-v4-with-plugins-controller-manager-metrics-service.system.svc insecureSkipVerify: false ca: secret: diff --git a/testdata/project-v4-with-plugins/dist/chart/templates/prometheus/monitor.yaml b/testdata/project-v4-with-plugins/dist/chart/templates/prometheus/monitor.yaml index abb87440c0a..92773eb66b9 100644 --- a/testdata/project-v4-with-plugins/dist/chart/templates/prometheus/monitor.yaml +++ b/testdata/project-v4-with-plugins/dist/chart/templates/prometheus/monitor.yaml @@ -15,6 +15,7 @@ spec: bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token tlsConfig: {{- if .Values.certmanager.enable }} + serverName: project-v4-with-plugins-controller-manager-metrics-service.{{ .Release.Namespace }}.svc # Apply secure TLS configuration with cert-manager insecureSkipVerify: false ca: diff --git a/testdata/project-v4/config/prometheus/monitor_tls_patch.yaml b/testdata/project-v4/config/prometheus/monitor_tls_patch.yaml index e824dd0ff86..6cbaf3a92be 100644 --- a/testdata/project-v4/config/prometheus/monitor_tls_patch.yaml +++ b/testdata/project-v4/config/prometheus/monitor_tls_patch.yaml @@ -8,6 +8,7 @@ metadata: spec: endpoints: - tlsConfig: + serverName: project-v4-controller-manager-metrics-service.system.svc insecureSkipVerify: false ca: secret: