
feat(cert-manager): enable service monitor #4644

Merged
merged 2 commits into from
Feb 25, 2025


tyriis
Owner

@tyriis tyriis commented Feb 25, 2025

No description provided.

@tyriis-automation
Contributor

--- HelmRelease: cert-manager/cert-manager Deployment: cert-manager/cert-manager-cainjector

+++ HelmRelease: cert-manager/cert-manager Deployment: cert-manager/cert-manager-cainjector

@@ -22,16 +22,12 @@

       labels:
         app: cainjector
         app.kubernetes.io/name: cainjector
         app.kubernetes.io/instance: cert-manager
         app.kubernetes.io/component: cainjector
         app.kubernetes.io/managed-by: Helm
-      annotations:
-        prometheus.io/path: /metrics
-        prometheus.io/scrape: 'true'
-        prometheus.io/port: '9402'
     spec:
       serviceAccountName: cert-manager-cainjector
       enableServiceLinks: false
       securityContext:
         runAsNonRoot: true
         seccompProfile:
--- HelmRelease: cert-manager/cert-manager Deployment: cert-manager/cert-manager

+++ HelmRelease: cert-manager/cert-manager Deployment: cert-manager/cert-manager

@@ -22,16 +22,12 @@

       labels:
         app: cert-manager
         app.kubernetes.io/name: cert-manager
         app.kubernetes.io/instance: cert-manager
         app.kubernetes.io/component: controller
         app.kubernetes.io/managed-by: Helm
-      annotations:
-        prometheus.io/path: /metrics
-        prometheus.io/scrape: 'true'
-        prometheus.io/port: '9402'
     spec:
       serviceAccountName: cert-manager
       enableServiceLinks: false
       securityContext:
         runAsNonRoot: true
         seccompProfile:
--- HelmRelease: cert-manager/cert-manager Deployment: cert-manager/cert-manager-webhook

+++ HelmRelease: cert-manager/cert-manager Deployment: cert-manager/cert-manager-webhook

@@ -22,16 +22,12 @@

       labels:
         app: webhook
         app.kubernetes.io/name: webhook
         app.kubernetes.io/instance: cert-manager
         app.kubernetes.io/component: webhook
         app.kubernetes.io/managed-by: Helm
-      annotations:
-        prometheus.io/path: /metrics
-        prometheus.io/scrape: 'true'
-        prometheus.io/port: '9402'
     spec:
       serviceAccountName: cert-manager-webhook
       enableServiceLinks: false
       securityContext:
         runAsNonRoot: true
         seccompProfile:
--- HelmRelease: cert-manager/cert-manager ServiceMonitor: cert-manager/cert-manager

+++ HelmRelease: cert-manager/cert-manager ServiceMonitor: cert-manager/cert-manager

@@ -0,0 +1,40 @@

+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: cert-manager
+  namespace: cert-manager
+  labels:
+    app: cert-manager
+    app.kubernetes.io/name: cert-manager
+    app.kubernetes.io/instance: cert-manager
+    app.kubernetes.io/component: controller
+    app.kubernetes.io/managed-by: Helm
+    prometheus: default
+spec:
+  jobLabel: cert-manager
+  selector:
+    matchExpressions:
+    - key: app.kubernetes.io/name
+      operator: In
+      values:
+      - cainjector
+      - cert-manager
+      - webhook
+    - key: app.kubernetes.io/instance
+      operator: In
+      values:
+      - cert-manager
+    - key: app.kubernetes.io/component
+      operator: In
+      values:
+      - cainjector
+      - controller
+      - webhook
+  endpoints:
+  - targetPort: 9402
+    path: /metrics
+    interval: 60s
+    scrapeTimeout: 30s
+    honorLabels: false
+

@tyriis-automation
Contributor

🦙 MegaLinter status: ✅ SUCCESS

Descriptor Linter Files Fixed Errors Elapsed time
✅ EDITORCONFIG editorconfig-checker 4 0 0.02s
✅ REPOSITORY gitleaks yes no 3.24s
✅ YAML prettier 4 0 0.43s
✅ YAML yamllint 4 0 0.39s

See detailed report in MegaLinter reports
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

MegaLinter is graciously provided by OX Security

@tyriis-automation
Contributor

--- kubernetes/talos-flux/apps/cert-manager/cert-manager/app Kustomization: flux-system/apps-cert-manager HelmRelease: cert-manager/cert-manager

+++ kubernetes/talos-flux/apps/cert-manager/cert-manager/app Kustomization: flux-system/apps-cert-manager HelmRelease: cert-manager/cert-manager

@@ -1,11 +1,12 @@

 ---
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
   labels:
+    app.kubernetes.io/name: cert-manager
     kustomize.toolkit.fluxcd.io/name: apps-cert-manager
     kustomize.toolkit.fluxcd.io/namespace: flux-system
   name: cert-manager
   namespace: cert-manager
 spec:
   chart:
@@ -41,12 +42,15 @@

     installCRDs: true
     podDnsConfig:
       nameservers:
       - 1.1.1.1
       - 9.9.9.9
     podDnsPolicy: None
+    prometheus:
+      servicemonitor:
+        enabled: true
     replicaCount: 1
     resources:
       limits:
         memory: 100Mi
       requests:
         cpu: 10m
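Review bot: Setting `prometheus.servicemonitor.enabled: true` makes the ServiceMonitor the only scrape path for cert-manager, because the rendered Deployments in this same change lose their `prometheus.io/scrape` annotations. The rendered ServiceMonitor carries `prometheus: default` plus the app labels, and whether the Prometheus instance's `serviceMonitorSelector` matches those labels is not visible on this page. If it does not match, the cert-manager metrics stop arriving without any error, and any certificate-expiry alerting built on them goes quiet. Consider setting `prometheus.servicemonitor.labels` to whatever the Prometheus selector expects and adding an absent-target alert for the cert-manager job. The values mapping starts and ends outside this hunk.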
--- kubernetes/talos-flux/apps/cert-manager/cert-manager/issuers Kustomization: flux-system/apps-cert-manager-issuers HelmRelease: cert-manager/cert-manager-cluster-issuer-selfsigned

+++ kubernetes/talos-flux/apps/cert-manager/cert-manager/issuers Kustomization: flux-system/apps-cert-manager-issuers HelmRelease: cert-manager/cert-manager-cluster-issuer-selfsigned

@@ -1,11 +1,12 @@

 ---
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
   labels:
+    app.kubernetes.io/name: cert-manager-issuers
     kustomize.toolkit.fluxcd.io/name: apps-cert-manager-issuers
     kustomize.toolkit.fluxcd.io/namespace: flux-system
   name: cert-manager-cluster-issuer-selfsigned
   namespace: cert-manager
 spec:
   chart:
--- kubernetes/talos-flux/apps/cert-manager/cert-manager/issuers Kustomization: flux-system/apps-cert-manager-issuers HelmRelease: cert-manager/cert-manager-cluster-issuer-staging

+++ kubernetes/talos-flux/apps/cert-manager/cert-manager/issuers Kustomization: flux-system/apps-cert-manager-issuers HelmRelease: cert-manager/cert-manager-cluster-issuer-staging

@@ -1,11 +1,12 @@

 ---
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
   labels:
+    app.kubernetes.io/name: cert-manager-issuers
     kustomize.toolkit.fluxcd.io/name: apps-cert-manager-issuers
     kustomize.toolkit.fluxcd.io/namespace: flux-system
   name: cert-manager-cluster-issuer-staging
   namespace: cert-manager
 spec:
   chart:
--- kubernetes/talos-flux/apps/cert-manager/cert-manager/issuers Kustomization: flux-system/apps-cert-manager-issuers HelmRelease: cert-manager/cert-manager-cluster-issuer-production

+++ kubernetes/talos-flux/apps/cert-manager/cert-manager/issuers Kustomization: flux-system/apps-cert-manager-issuers HelmRelease: cert-manager/cert-manager-cluster-issuer-production

@@ -1,11 +1,12 @@

 ---
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
   labels:
+    app.kubernetes.io/name: cert-manager-issuers
     kustomize.toolkit.fluxcd.io/name: apps-cert-manager-issuers
     kustomize.toolkit.fluxcd.io/namespace: flux-system
   name: cert-manager-cluster-issuer-production
   namespace: cert-manager
 spec:
   chart:
--- kubernetes/talos-flux/apps/cert-manager/cert-manager/issuers Kustomization: flux-system/apps-cert-manager-issuers ConfigMap: cert-manager/cluster-issuer-selfsigned

+++ kubernetes/talos-flux/apps/cert-manager/cert-manager/issuers Kustomization: flux-system/apps-cert-manager-issuers ConfigMap: cert-manager/cluster-issuer-selfsigned

@@ -10,11 +10,12 @@

       name: selfsigned
     spec:
       selfSigned: {}
 kind: ConfigMap
 metadata:
   labels:
+    app.kubernetes.io/name: cert-manager-issuers
     kustomize.toolkit.fluxcd.io/name: apps-cert-manager-issuers
     kustomize.toolkit.fluxcd.io/namespace: flux-system
   name: cluster-issuer-selfsigned
   namespace: cert-manager
 
--- kubernetes/talos-flux/apps/cert-manager/cert-manager/issuers Kustomization: flux-system/apps-cert-manager-issuers ConfigMap: cert-manager/cluster-issuer-staging

+++ kubernetes/talos-flux/apps/cert-manager/cert-manager/issuers Kustomization: flux-system/apps-cert-manager-issuers ConfigMap: cert-manager/cluster-issuer-staging

@@ -24,11 +24,12 @@

             selector:
               dnsZones:
                 - techtales.io
 kind: ConfigMap
 metadata:
   labels:
+    app.kubernetes.io/name: cert-manager-issuers
     kustomize.toolkit.fluxcd.io/name: apps-cert-manager-issuers
     kustomize.toolkit.fluxcd.io/namespace: flux-system
   name: cluster-issuer-staging
   namespace: cert-manager
 
--- kubernetes/talos-flux/apps/cert-manager/cert-manager/issuers Kustomization: flux-system/apps-cert-manager-issuers ConfigMap: cert-manager/cluster-issuer-production

+++ kubernetes/talos-flux/apps/cert-manager/cert-manager/issuers Kustomization: flux-system/apps-cert-manager-issuers ConfigMap: cert-manager/cluster-issuer-production

@@ -24,11 +24,12 @@

             selector:
               dnsZones:
                 - techtales.io
 kind: ConfigMap
 metadata:
   labels:
+    app.kubernetes.io/name: cert-manager-issuers
     kustomize.toolkit.fluxcd.io/name: apps-cert-manager-issuers
     kustomize.toolkit.fluxcd.io/namespace: flux-system
   name: cluster-issuer-production
   namespace: cert-manager
 
--- kubernetes/talos-flux/apps Kustomization: flux-system/flux-apps Kustomization: flux-system/apps-cert-manager

+++ kubernetes/talos-flux/apps Kustomization: flux-system/flux-apps Kustomization: flux-system/apps-cert-manager

@@ -8,24 +8,32 @@

   labels:
     kustomize.toolkit.fluxcd.io/name: flux-apps
     kustomize.toolkit.fluxcd.io/namespace: flux-system
   name: apps-cert-manager
   namespace: flux-system
 spec:
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: cert-manager
   decryption:
     provider: sops
     secretRef:
       name: sops-age
-  interval: 10m
+  dependsOn:
+  - name: apps-kube-prometheus-stack
+  interval: 30m
   path: ./kubernetes/talos-flux/apps/cert-manager/cert-manager/app
   postBuild:
     substituteFrom:
     - kind: ConfigMap
       name: cluster-settings
     - kind: Secret
       name: cluster-secrets
   prune: true
+  retryInterval: 1m
   sourceRef:
     kind: GitRepository
     name: home-ops
+  targetNamespace: cert-manager
+  timeout: 5m
   wait: true
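Review bot: The added `dependsOn` entry `- name: apps-kube-prometheus-stack` ties every cert-manager reconciliation to the monitoring stack being Ready, so a failed Prometheus release would also hold back cert-manager chart upgrades, including security fixes. The only hard requirement visible in this change is the ServiceMonitor CRD; if the repository has, or can split out, a Kustomization that installs only the prometheus-operator CRDs, depending on that keeps the ordering without coupling certificate issuance to monitoring health. Raising `interval` from `10m` to `30m` also lengthens the time manual drift on these resources can persist before Flux reverts it, which deserves a short comment in the source manifest. The same `interval` change appears in the `apps-cert-manager-issuers` hunk, and the Kustomization spec starts outside this hunk.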
 
--- kubernetes/talos-flux/apps Kustomization: flux-system/flux-apps Kustomization: flux-system/apps-cert-manager-issuers

+++ kubernetes/talos-flux/apps Kustomization: flux-system/flux-apps Kustomization: flux-system/apps-cert-manager-issuers

@@ -5,24 +5,32 @@

   labels:
     kustomize.toolkit.fluxcd.io/name: flux-apps
     kustomize.toolkit.fluxcd.io/namespace: flux-system
   name: apps-cert-manager-issuers
   namespace: flux-system
 spec:
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: cert-manager-issuers
   decryption:
     provider: sops
     secretRef:
       name: sops-age
-  interval: 10m
+  dependsOn:
+  - name: apps-cert-manager
+  interval: 30m
   path: ./kubernetes/talos-flux/apps/cert-manager/cert-manager/issuers
   postBuild:
     substituteFrom:
     - kind: ConfigMap
       name: cluster-settings
     - kind: Secret
       name: cluster-secrets
   prune: false
+  retryInterval: 1m
   sourceRef:
     kind: GitRepository
     name: home-ops
+  targetNamespace: cert-manager
+  timeout: 5m
   wait: true

@tyriis tyriis merged commit 2c6883c into main Feb 25, 2025
16 checks passed
@tyriis tyriis deleted the feature/cert-manager-monitoring branch February 25, 2025 22:38