feat: add metrics service to oathkeeper (#392)

.circleci/values/hydra.yaml

@@ -8,7 +8,7 @@ hydra:
   autoMigrate: true
   dangerousForceHttp: true
   config:
-    dsn: "postgres://ory:[email protected]/ory?sslmode=disable&max_conn_lifetime=10s"
+    dsn: "postgres://postgres:[email protected]/ory?sslmode=disable&max_conn_lifetime=10s"
     secrets:
       system:
         - "OG5XbmxXa3dYeGplQXpQanYxeEFuRUFa"

.circleci/values/keto.yaml

@@ -2,7 +2,7 @@
 keto:
   autoMigrate: true
   config:
-    dsn: "postgres://ory:[email protected]/ory?sslmode=disable&max_conn_lifetime=10s"
+    dsn: "postgres://postgres:[email protected]/ory?sslmode=disable&max_conn_lifetime=10s"
 ingress:
   read:
     enabled: true

.circleci/values/kratos.yaml

@@ -43,7 +43,7 @@ kratos:
   config:
     # ciphers: 
     #   algorithm: aes
-    dsn: "postgres://ory:[email protected]/ory?sslmode=disable&max_conn_lifetime=10s"
+    dsn: "postgres://postgres:[email protected]/ory?sslmode=disable&max_conn_lifetime=10s"
     selfservice:
       default_browser_return_url: http://127.0.0.1:4455/
       methods:

.circleci/values/postgres.yaml

@@ -1,3 +1,5 @@
-postgresqlUsername: ory
-postgresqlPassword: ory
-postgresqlDatabase: ory
+global:
+  postgresql:
+    auth:
+      database: ory
+      postgresPassword: ory

helm/charts/kratos/templates/service-admin.yaml

@@ -33,6 +33,7 @@ metadata:
   name: {{ include "kratos.fullname" . }}-admin
   namespace: {{ .Release.Namespace }}
   labels:
+    app.kubernetes.io/component: admin
 {{ include "kratos.labels" . | indent 4 }}
   {{- with .Values.service.admin.annotations }}
   annotations:

helm/charts/oathkeeper/templates/deployment-controller.yaml

@@ -106,6 +106,9 @@ spec:
             - name: http-proxy
               containerPort: {{ .Values.oathkeeper.config.serve.proxy.port }}
               protocol: TCP
+            - name: http-metrics
+              protocol: TCP
+              containerPort: {{ .Values.oathkeeper.config.serve.prometheus.port }}
           livenessProbe:
             httpGet:
               path: /health/alive

helm/charts/oathkeeper/templates/deployment-sidecar.yaml

@@ -85,6 +85,9 @@ spec:
             - name: http-proxy
               containerPort: {{ .Values.oathkeeper.config.serve.proxy.port }}
               protocol: TCP
+            - name: http-metrics
+              protocol: TCP
+              containerPort: {{ .Values.oathkeeper.config.serve.prometheus.port }}
           livenessProbe:
             httpGet:
               path: /health/alive

helm/charts/oathkeeper/templates/service-api.yaml

@@ -7,6 +7,7 @@ metadata:
   namespace: {{ .Release.Namespace }}
   {{- end }}
   labels:
+    app.kubernetes.io/component: api
 {{ include "oathkeeper.labels" . | indent 4 }}
     {{- with .Values.service.api.labels }}
       {{- toYaml . | nindent 4 }}

helm/charts/oathkeeper/templates/service-metrics.yaml

@@ -0,0 +1,55 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "oathkeeper.fullname" . }}-metrics
+  {{- if .Release.Namespace }}
+  namespace: {{ .Release.Namespace }}
+  {{- end }}
+  labels:
+    app.kubernetes.io/component: metrics
+{{ include "oathkeeper.labels" . | indent 4 }}
+    {{- with .Values.service.metrics.labels }}
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- with .Values.service.metrics.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  type: {{ .Values.service.metrics.type }}
+  ports:
+    - port: {{ .Values.service.metrics.port }}
+      targetPort: http-metrics
+      protocol: TCP
+      name: {{ .Values.service.metrics.name }} 
+  selector:
+    app.kubernetes.io/name: {{ include "oathkeeper.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+{{- if .Capabilities.APIVersions.Has "monitoring.coreos.com/v1" }}
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: {{ include "oathkeeper.fullname" . }}-metrics
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/component: metrics
+{{ include "oathkeeper.labels" . | indent 4 }}
+    {{- with .Values.service.metrics.labels }}
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- with .Values.service.metrics.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  endpoints:
+  - path: /metrics/prometheus
+    port: {{ .Values.service.metrics.name }}
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ include "oathkeeper.name" . }}
+      app.kubernetes.io/instance: {{ .Release.Name }}
+      app.kubernetes.io/component: metrics
+{{- end -}}

helm/charts/oathkeeper/templates/service-proxy.yaml

@@ -7,6 +7,7 @@ metadata:
   namespace: {{ .Release.Namespace }}
   {{- end }}
   labels:
+    app.kubernetes.io/component: proxy
 {{ include "oathkeeper.labels" . | indent 4 }}
     {{- with .Values.service.proxy.labels }}
       {{- toYaml . | nindent 4 }}

helm/charts/oathkeeper/values.yaml

@@ -13,7 +13,7 @@ image:
   # -- ORY Oathkeeper image
   repository: oryd/oathkeeper
   # -- ORY Oathkeeper version
-  tag: v0.38.9-beta.1
+  tag: v0.38.17-beta.1
   # -- Image pull policy
   pullPolicy: IfNotPresent
 
@@ -48,13 +48,12 @@ service:
     name: http
     # -- If you do want to specify annotations, uncomment the following
     # lines, adjust them as necessary, and remove the curly braces after 'annotations:'.
-    annotations: {}
     # kubernetes.io/ingress.class: nginx
     # kubernetes.io/tls-acme: "true"
+    annotations: {}
+    # -- If you do want to specify additional labels, uncomment the following lines, adjust them as necessary, and remove the curly braces after 'labels:'.
+    # e.g.  app: oathkeeper
     labels: {}
-    #      If you do want to specify additional labels, uncomment the following
-    #      lines, adjust them as necessary, and remove the curly braces after 'labels:'.
-    #      e.g.  app: oathkeeper
 
   # -- Configures the Kubernetes service for the api port.
   api:
@@ -68,13 +67,31 @@ service:
     name: http
     # -- If you do want to specify annotations, uncomment the following
     # lines, adjust them as necessary, and remove the curly braces after 'annotations:'.
+    # kubernetes.io/ingress.class: nginx
+    # kubernetes.io/tls-acme: "true"
     annotations: {}
+    # -- If you do want to specify additional labels, uncomment the following lines, adjust them as necessary, and remove the curly braces after 'labels:'.
+    # e.g.  app: oathkeeper
+    labels: {}
+
+  # -- Configures the Kubernetes service for the metrics port.
+  metrics:
+    # -- En-/disable the service
+    enabled: true
+    # -- The service type
+    type: ClusterIP
+    # -- The service port
+    port: 80
+    # -- The service port name. Useful to set a custom service port name if it must follow a scheme (e.g. Istio)
+    name: http
+    # -- If you do want to specify annotations, uncomment the following
+    # lines, adjust them as necessary, and remove the curly braces after 'annotations:'.
     # kubernetes.io/ingress.class: nginx
     # kubernetes.io/tls-acme: "true"
+    annotations: {}
+    # -- If you do want to specify additional labels, uncomment the following lines, adjust them as necessary, and remove the curly braces after 'labels:'.
+    # e.g.  app: oathkeeper
     labels: {}
-    #      If you do want to specify additional labels, uncomment the following
-    #      lines, adjust them as necessary, and remove the curly braces after 'labels:'.
-    #      e.g.  app: oathkeeper
 
 # -- Configure ingress
 ingress:
@@ -134,6 +151,8 @@ oathkeeper:
         port: 4455
       api:
         port: 4456
+      prometheus:
+        port: 9000
   # -- If set, uses the given JSON Web Key Set as the signing key for the ID Token Mutator.
   mutatorIdTokenJWKs: {}
   # -- If set, uses the given access rules.