fix3

DEVELOPER.md

@@ -686,7 +686,7 @@ kubectl logs <vertica-pod-name> -c vlogger
          ...
          - args:
            - --health-probe-bind-address=:8081
-           - --metrics-bind-address=127.0.0.1:8080
+           - --metrics-bind-address=127.0.0.1:8443
            - --leader-elect
            - --health-probe-bind-address=:8081
            - --enable-profiler

Makefile

@@ -231,7 +231,7 @@ export VDB_MAX_BACKOFF_DURATION
 #
 # The address the operators Prometheus metrics endpoint binds to. Setting this
 # to 0 will disable metric serving.
-METRICS_ADDR?=127.0.0.1:8080
+METRICS_ADDR?=127.0.0.1:8443
 export METRICS_ADDR
 #
 # The minimum logging level. Valid values are: debug, info, warn, and error.

cmd/operator/main.go

@@ -20,7 +20,6 @@ import (
 	"crypto/tls"
 	"log"
 	"os"
-	"strings"
 	"time"
 
 	// Allows us to pull in things generated from `go generate`
@@ -287,7 +286,7 @@ func main() {
 		TLSOpts: webhookTLSOpts,
 	})
 
-	secureMetrics := strings.HasSuffix(opcfg.GetMetricsAddr(), "8443")
+	secureMetrics := opcfg.GetMetricsAddr() == "127.0.0.1:8443"
 	var metricCertDir string
 	if opcfg.GetMetricsTLSSecret() != "" {
 		metricCertDir = "/cert"

config/default/metrics_service.yaml

@@ -2,10 +2,10 @@ apiVersion: v1
 kind: Service
 metadata:
   labels:
-    control-plane: controller-manager
+    control-plane: verticadb-operator
     app.kubernetes.io/name: verticadb-operator
     app.kubernetes.io/managed-by: kustomize
-  name: controller-manager-metrics-service
+  name: metrics-service
   namespace: system
 spec:
   ports:
@@ -14,4 +14,4 @@ spec:
       protocol: TCP
       targetPort: 8443
   selector:
-    control-plane: controller-manager
+    control-plane: verticadb-operator

helm-charts/verticadb-operator/tests/metrics-configmap_test.yaml

@@ -2,19 +2,19 @@ suite: Metrics configmap tests
 templates:
   - verticadb-operator-manager-config-cm.yaml
 tests:
-  - it: should not include proxy sidecar if expose is without auth
+  - it: should not contain ip if expose is without auth
     set:
       prometheus:
         expose: EnableWithoutAuth
     asserts:
       - equal:
           path: data.METRICS_ADDR
           value: :8443
-  - it: should include proxy sidecar if expose is with auth
+  - it: should cotain ip if expose is with auth
     set:
       prometheus:
         expose: EnableWithAuthProxy
     asserts:
       - equal:
           path: data.METRICS_ADDR
-          value: 127.0.0.1:8080
+          value: 127.0.0.1:8443

scripts/template-helm-chart.sh

@@ -115,10 +115,10 @@ do
 done
 
 # 11.  Template the prometheus metrics service
-perl -i -pe 's/^/{{- if hasPrefix "Enable" .Values.prometheus.expose -}}\n/ if 1 .. 1' $TEMPLATE_DIR/verticadb-operator-controller-manager-metrics-service-svc.yaml
-echo "{{- end }}" >> $TEMPLATE_DIR/verticadb-operator-controller-manager-metrics-service-svc.yaml
+perl -i -pe 's/^/{{- if hasPrefix "Enable" .Values.prometheus.expose -}}\n/ if 1 .. 1' $TEMPLATE_DIR/verticadb-operator-metrics-service-svc.yaml
+echo "{{- end }}" >> $TEMPLATE_DIR/verticadb-operator-metrics-service-svc.yaml
 
-# 11.  Template the roles/rolebindings for access to the rbac proxy
+# 12.  Template the roles/rolebindings for access to prometheus metrics
 for f in verticadb-operator-metrics-reader-cr.yaml
 do
     perl -i -pe 's/^/{{- if and (.Values.prometheus.createProxyRBAC) (eq .Values.prometheus.expose "EnableWithAuthProxy") -}}\n/ if 1 .. 1' $TEMPLATE_DIR/$f
@@ -127,36 +127,36 @@ do
     perl -i -0777 -pe 's/-(proxy-role.*)/-{{ include "vdb-op.metricsRbacPrefix" . }}$1/g' $TEMPLATE_DIR/$f
 done
 
-# 12.  Template the ServiceMonitor object for Promtheus operator
+# 13.  Template the ServiceMonitor object for Promtheus operator
 perl -i -pe 's/^/{{- if .Values.prometheus.createServiceMonitor -}}\n/ if 1 .. 1' $TEMPLATE_DIR/verticadb-operator-metrics-monitor-servicemonitor.yaml
 echo "{{- end }}" >> $TEMPLATE_DIR/verticadb-operator-metrics-monitor-servicemonitor.yaml
 perl -i -0777 -pe 's/(.*endpoints:)/$1\n{{- if eq "EnableWithAuthProxy" .Values.prometheus.expose }}/g' $TEMPLATE_DIR/verticadb-operator-metrics-monitor-servicemonitor.yaml
 perl -i -0777 -pe 's/(.*insecureSkipVerify:.*)/$1\n{{- else }}\n  - path: \/metrics\n    port: metrics\n    scheme: http\n{{- end }}/g' $TEMPLATE_DIR/verticadb-operator-metrics-monitor-servicemonitor.yaml
 
-# 13.  Template the metrics bind address
+# 14.  Template the metrics bind address
 perl -i -0777 -pe 's/(METRICS_TLS_SECRET: )(.*)/$1 "{{ .Values.prometheus.tlsSecret }}"/' $TEMPLATE_DIR/verticadb-operator-manager-config-cm.yaml
-perl -i -0777 -pe 's/(METRICS_ADDR: )(.*)/$1 "{{ if eq "EnableWithAuthProxy" .Values.prometheus.expose }}127.0.0.1{{ end }}:{{ if eq "EnableWithAuthProxy" .Values.prometheus.expose }}8080{{ else }}8443{{ end }}"/' $TEMPLATE_DIR/verticadb-operator-manager-config-cm.yaml
+perl -i -0777 -pe 's/(METRICS_ADDR: )(.*)/$1 "{{ if eq "EnableWithAuthProxy" .Values.prometheus.expose }}127.0.0.1{{ end }}:8443"/' $TEMPLATE_DIR/verticadb-operator-manager-config-cm.yaml
 perl -i -0777 -pe 's/(.*METRICS_ADDR:.*)/{{- if hasPrefix "Enable" .Values.prometheus.expose }}\n$1\n{{- else }}\n  METRICS_ADDR: "0"\n{{- end }}/g' $TEMPLATE_DIR/verticadb-operator-manager-config-cm.yaml
-perl -i -0777 -pe 's/(.*ports:\n.*containerPort: 9443\n.*webhook-server.*\n.*)/$1\n{{- if hasPrefix "EnableWithoutAuth" .Values.prometheus.expose }}\n        - name: metrics\n          containerPort: 8443\n          protocol: TCP\n{{- end }}/g' $TEMPLATE_DIR/verticadb-operator-manager-deployment.yaml
+perl -i -0777 -pe 's/(.*ports:\n.*containerPort: 9443\n.*webhook-server.*\n.*)/$1\n{{- if hasPrefix "Enable" .Values.prometheus.expose }}\n        - name: metrics\n          containerPort: 8443\n          protocol: TCP\n{{- end }}/g' $TEMPLATE_DIR/verticadb-operator-manager-deployment.yaml
 
-# 14.  Template the rbac container
+# 15.  Template the rbac container
 perl -i -0777 -pe 's/(.*- args:.*\n.*secure)/{{- if eq .Values.prometheus.expose "EnableWithAuthProxy" }}\n$1/g' $TEMPLATE_DIR/verticadb-operator-manager-deployment.yaml
 # We need to put the matching end at the end of the container spec.
 perl -i -0777 -pe 's/(memory: 64Mi)/$1\n{{- end }}/g' $TEMPLATE_DIR/verticadb-operator-manager-deployment.yaml
 
-# 15.  Template places that refer to objects by name.  Do this in all files.
+# 16.  Template places that refer to objects by name.  Do this in all files.
 # In the config/ directory we hardcoded everything to start with
 # verticadb-operator.
 perl -i -0777 -pe 's/verticadb-operator/{{ include "vdb-op.name" . }}/g' $TEMPLATE_DIR/*yaml
 
-# 16.  Mount TLS certs in the rbac proxy
+# 17.  Mount TLS certs for prometheus metrics
 for f in $TEMPLATE_DIR/verticadb-operator-manager-deployment.yaml
 do
     perl -i -0777 -pe 's/(.*--v=[0-9]+)/$1\n{{- if not (empty .Values.prometheus.tlsSecret) }}\n        - --tls-cert-file=\/cert\/tls.crt\n        - --tls-private-key-file=\/cert\/tls.key\n        - --client-ca-file=\/cert\/ca.crt\n{{- end }}/g' $f
     perl -i -0777 -pe 's/(volumes:)/$1\n{{- if not (empty .Values.prometheus.tlsSecret) }}\n      - name: auth-cert\n        secret:\n          secretName: {{ .Values.prometheus.tlsSecret }}\n{{- end }}/g' $f
 done
 
-# 17.  Add pod scheduling options
+# 18.  Add pod scheduling options
 cat << EOF >> $TEMPLATE_DIR/verticadb-operator-manager-deployment.yaml
 {{- if .Values.nodeSelector }}
       nodeSelector:
@@ -175,7 +175,7 @@ cat << EOF >> $TEMPLATE_DIR/verticadb-operator-manager-deployment.yaml
 {{- end }}
 EOF
 
-# 18. Template the per-CR concurrency parameters
+# 19. Template the per-CR concurrency parameters
 for f in $TEMPLATE_DIR/verticadb-operator-manager-config-cm.yaml
 do
     perl -i -0777 -pe 's/(CONCURRENCY_VERTICADB: ).*/$1\{\{ .Values.reconcileConcurrency.verticadb | quote \}\}/g' $f
@@ -187,7 +187,7 @@ do
     perl -i -0777 -pe 's/(CONCURRENCY_VERTICAREPLICATOR: ).*/$1\{\{ .Values.reconcileConcurrency.verticareplicator | quote \}\}/g' $f
 done
 
-# 19. Add permissions to manager ClusterRole to allow it to patch the CRD. This
+# 20. Add permissions to manager ClusterRole to allow it to patch the CRD. This
 # is only needed if the webhook cert is generated by the operator or provided
 # by a Secret.
 cat << EOF >> $TEMPLATE_DIR/verticadb-operator-webhook-config-cr.yaml
@@ -204,7 +204,7 @@ cat << EOF >> $TEMPLATE_DIR/verticadb-operator-webhook-config-cr.yaml
 {{- end }}
 EOF
 
-# 20. Change change ClusterRoles/ClusterRoleBindings for the manager to be
+# 21. Change change ClusterRoles/ClusterRoleBindings for the manager to be
 # Roles/RoleBindings if the operator is scoped to a single namespace.
 for f in $TEMPLATE_DIR/verticadb-operator-manager-clusterrolebinding-crb.yaml \
     $TEMPLATE_DIR/verticadb-operator-manager-role-cr.yaml
@@ -215,7 +215,7 @@ do
     echo "{{- end }}" >> $f
 done
 
-# 21. Template the operator config
+# 22. Template the operator config
 for fn in $TEMPLATE_DIR/verticadb-operator-manager-config-cm.yaml
 do
   perl -i -0777 -pe 's/(WEBHOOKS_ENABLED:).*/$1 {{ quote .Values.webhook.enable }}/g' $fn