Merge pull request #29 from flanksource/add-prometheus-metrics-and-ev…

…ents

Add prometheus metrics and events

Makefile

@@ -52,6 +52,7 @@ static: manifests
 	cd config/manager && kustomize edit set image controller=${IMG}
 	kustomize build config/crd > config/deploy/crd.yml
 	kustomize build config/default > config/deploy/operator.yml
+	kustomize build config/base > config/base/deploy.yml
 
 # Run go fmt against code
 fmt:

api/v1/template_types.go

@@ -55,7 +55,6 @@ type TemplateStatus struct {
 }
 
 type ResourceSelector struct {
-	ForEach            string               `json:"forEach,omitempty"`
 	LabelSelector      metav1.LabelSelector `json:"labelSelector,omitempty"`
 	NamespaceSelector  metav1.LabelSelector `json:"namespaceSelector,omitempty"`
 	AnnotationSelector map[string]string    `json:"annotationSelector,omitempty"`

config/base/deploy.yml

@@ -0,0 +1,139 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: template-operator-manager
+  namespace: platform-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: template-operator-leader-election-role
+  namespace: platform-system
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - ""
+  resources:
+  - configmaps/status
+  verbs:
+  - get
+  - update
+  - patch
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  creationTimestamp: null
+  name: template-operator-manager-role
+rules:
+- apiGroups:
+  - '*'
+  resources:
+  - '*'
+  verbs:
+  - '*'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: template-operator-leader-election-rolebinding
+  namespace: platform-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: template-operator-leader-election-role
+subjects:
+- kind: ServiceAccount
+  name: template-operator-manager
+  namespace: platform-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: template-operator-manager-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: template-operator-manager-role
+subjects:
+- kind: ServiceAccount
+  name: template-operator-manager
+  namespace: platform-system
+---
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    prometheus.io/scrape: "true"
+  labels:
+    control-plane: template-operator
+  name: template-operator-template-operator
+  namespace: platform-system
+spec:
+  ports:
+  - name: prometheus
+    port: 8080
+    protocol: TCP
+  selector:
+    control-plane: template-operator
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    control-plane: template-operator
+  name: template-operator-controller-manager
+  namespace: platform-system
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      control-plane: template-operator
+  template:
+    metadata:
+      labels:
+        control-plane: template-operator
+    spec:
+      containers:
+      - args:
+        - --metrics-addr=0.0.0.0:8080
+        - --enable-leader-election
+        - --sync-period=20s
+        image: flanksource/template-operator:v1
+        name: manager
+        resources:
+          limits:
+            cpu: 100m
+            memory: 130Mi
+          requests:
+            cpu: 100m
+            memory: 120Mi
+      - args:
+        - --secure-listen-address=0.0.0.0:8443
+        - --upstream=http://127.0.0.1:8080/
+        - --logtostderr=true
+        - --v=10
+        image: gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0
+        name: kube-rbac-proxy
+        ports:
+        - containerPort: 8443
+          name: https
+      serviceAccount: template-operator-manager
+      terminationGracePeriodSeconds: 10

config/base/kustomization.yaml

@@ -0,0 +1,53 @@
+# Adds namespace to all resources.
+namespace: platform-system
+
+namePrefix: template-operator-
+
+bases:
+- ../rbac
+- ../manager
+
+# patchesStrategicMerge:
+  # Protect the /metrics endpoint by putting it behind auth.
+  # If you want your controller-manager to expose the /metrics
+  # endpoint w/o any authn/z, please comment the following line.
+# - ../default/manager_auth_proxy_patch.yaml
+
+# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in 
+# crd/kustomization.yaml
+#- manager_webhook_patch.yaml
+
+# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'.
+# Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks.
+# 'CERTMANAGER' needs to be enabled to use ca injection
+#- webhookcainjection_patch.yaml
+
+# the following config is for teaching kustomize how to do var substitution
+vars:
+# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix.
+#- name: CERTIFICATE_NAMESPACE # namespace of the certificate CR
+#  objref:
+#    kind: Certificate
+#    group: cert-manager.io
+#    version: v1alpha2
+#    name: serving-cert # this name should match the one in certificate.yaml
+#  fieldref:
+#    fieldpath: metadata.namespace
+#- name: CERTIFICATE_NAME
+#  objref:
+#    kind: Certificate
+#    group: cert-manager.io
+#    version: v1alpha2
+#    name: serving-cert # this name should match the one in certificate.yaml
+#- name: SERVICE_NAMESPACE # namespace of the service
+#  objref:
+#    kind: Service
+#    version: v1
+#    name: webhook-service
+#  fieldref:
+#    fieldpath: metadata.namespace
+#- name: SERVICE_NAME
+#  objref:
+#    kind: Service
+#    version: v1
+#    name: webhook-service

config/crd/bases/templating.flanksource.com_templates.yaml

@@ -131,8 +131,6 @@ spec:
                   type: string
                 fieldSelector:
                   type: string
-                forEach:
-                  type: string
                 kind:
                   type: string
                 labelSelector:
@@ -255,8 +253,6 @@ spec:
                   type: string
                 fieldSelector:
                   type: string
-                forEach:
-                  type: string
                 kind:
                   type: string
                 labelSelector:

config/default/kustomization.yaml

@@ -24,11 +24,11 @@ bases:
 # [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. 
 #- ../prometheus
 
-patchesStrategicMerge:
+# patchesStrategicMerge:
   # Protect the /metrics endpoint by putting it behind auth.
   # If you want your controller-manager to expose the /metrics
   # endpoint w/o any authn/z, please comment the following line.
-- manager_auth_proxy_patch.yaml
+# - manager_auth_proxy_patch.yaml
 
 # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in 
 # crd/kustomization.yaml

config/deploy/crd.yml

@@ -97,8 +97,6 @@ spec:
                   type: string
                 fieldSelector:
                   type: string
-                forEach:
-                  type: string
                 kind:
                   type: string
                 labelSelector:
@@ -183,8 +181,6 @@ spec:
                   type: string
                 fieldSelector:
                   type: string
-                forEach:
-                  type: string
                 kind:
                   type: string
                 labelSelector:

config/deploy/operator.yml

@@ -1,10 +1,3 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  labels:
-    control-plane: template-operator
-  name: platform-system
----
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
@@ -104,8 +97,6 @@ spec:
                   type: string
                 fieldSelector:
                   type: string
-                forEach:
-                  type: string
                 kind:
                   type: string
                 labelSelector:
@@ -190,8 +181,6 @@ spec:
                   type: string
                 fieldSelector:
                   type: string
-                forEach:
-                  type: string
                 kind:
                   type: string
                 labelSelector:
@@ -351,6 +340,23 @@ subjects:
   name: template-operator-manager
   namespace: platform-system
 ---
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    prometheus.io/scrape: "true"
+  labels:
+    control-plane: template-operator
+  name: template-operator-template-operator
+  namespace: platform-system
+spec:
+  ports:
+  - name: prometheus
+    port: 8080
+    protocol: TCP
+  selector:
+    control-plane: template-operator
+---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -370,27 +376,27 @@ spec:
     spec:
       containers:
       - args:
-        - --secure-listen-address=0.0.0.0:8443
-        - --upstream=http://127.0.0.1:8080/
-        - --logtostderr=true
-        - --v=10
-        image: gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0
-        name: kube-rbac-proxy
-        ports:
-        - containerPort: 8443
-          name: https
-      - args:
-        - --metrics-addr=127.0.0.1:8080
+        - --metrics-addr=0.0.0.0:8080
         - --enable-leader-election
         - --sync-period=20s
         image: flanksource/template-operator:v1
         name: manager
         resources:
           limits:
             cpu: 100m
-            memory: 30Mi
+            memory: 130Mi
           requests:
             cpu: 100m
-            memory: 20Mi
+            memory: 120Mi
+      - args:
+        - --secure-listen-address=0.0.0.0:8443
+        - --upstream=http://127.0.0.1:8080/
+        - --logtostderr=true
+        - --v=10
+        image: gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0
+        name: kube-rbac-proxy
+        ports:
+        - containerPort: 8443
+          name: https
       serviceAccount: template-operator-manager
       terminationGracePeriodSeconds: 10