updating helm scaffolding based on pr comments
Signed-off-by: Adam D. Cornett <[email protected]>
acornett21 committed Nov 4, 2024
1 parent b9f7dbe commit e3119da
Showing 5 changed files with 21 additions and 17 deletions.
7 changes: 6 additions & 1 deletion internal/cmd/helm-operator/run/cmd.go
@@ -75,6 +75,12 @@ func NewCmd() *cobra.Command {
cmd := &cobra.Command{
Use: "run",
Short: "Run the operator",
Args: func(cmd *cobra.Command, args []string) error {
if cmd.Flag("metrics-require-rbac").Changed && !cmd.Flag("metrics-secure").Changed {
return fmt.Errorf("--metrics-secure flag is required when --metrics-require-rbac is present")
}
return nil
},
Run: func(cmd *cobra.Command, _ []string) {
logf.SetLogger(zapf.New(zapf.UseFlagOptions(opts)))
run(cmd, f)
@@ -83,7 +89,6 @@ func NewCmd() *cobra.Command {

f.AddTo(cmd.Flags())
cmd.Flags().AddGoFlagSet(zapfs)
cmd.MarkFlagsRequiredTogether("metrics-secure", "metrics-authn-authz")
return cmd
}

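Review bot: The new `Args` check tests `.Changed` on both flags rather than their values, so `--metrics-require-rbac --metrics-secure=false` passes validation while `--metrics-require-rbac=false` on its own is rejected. In the first case the authn/authz filter would presumably be installed on a plain-HTTP listener, so the bearer tokens it checks would cross the network in cleartext. Comparing the parsed values closes both gaps, e.g. `if f.MetricsRequireRBAC && !f.SecureMetrics {` (assuming `f` is the `Flags` value registered through `f.AddTo`, and that flags are already parsed when `Args` runs, as cobra normally does). `NewCmd` starts above this hunk, so the declaration of `f` is not visible here.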
21 changes: 10 additions & 11 deletions internal/helm/flags/flag.go
@@ -39,7 +39,7 @@ type Flags struct {
SuppressOverrideValues bool
EnableHTTP2 bool
SecureMetrics bool
MetricsAuthNAuthZ bool
MetricsRequireRBAC bool

// If not nil, used to deduce which flags were set in the CLI.
flagSet *pflag.FlagSet
@@ -78,16 +78,14 @@ see https://github.com/kubernetes-sigs/controller-runtime/issues/895 for more in
// TODO(2.0.0): remove
flagSet.StringVar(&f.MetricsBindAddress,
"metrics-addr",
"0",
"The address the metrics endpoint binds to. "+
"Use :8443 for HTTPS or :8080 for HTTP, or leave as 0 to disable the metrics service.",
":8080",
"The address the metric endpoint binds to",
)
_ = flagSet.MarkDeprecated("metrics-addr", "use --metrics-bind-address instead")
flagSet.StringVar(&f.MetricsBindAddress,
"metrics-bind-address",
"0",
"The address the metrics endpoint binds to. "+
"Use :8443 for HTTPS or :8080 for HTTP, or leave as 0 to disable the metrics service.",
":8080",
"The address the metric endpoint binds to",
)
// TODO(2.0.0): for Go/Helm the port used is: 8081
// update it to keep the project aligned to the other
@@ -137,10 +135,11 @@ see https://github.com/kubernetes-sigs/controller-runtime/issues/895 for more in
false,
"enables secure serving of the metrics endpoint",
)
flagSet.BoolVar(&f.MetricsAuthNAuthZ,
"metrics-authn-authz",
flagSet.BoolVar(&f.MetricsRequireRBAC,
"metrics-require-rbac",
false,
"enables protection of the metrics endpoint with authn/authz")
"enables protection of the metrics endpoint with RBAC-based authn/authz."+
"see https://pkg.go.dev/sigs.k8s.io/[email protected]/pkg/metrics/filters#WithAuthenticationAndAuthorization for more info")
}

// ToManagerOptions uses the flag set in f to configure options.
@@ -187,7 +186,7 @@ func (f *Flags) ToManagerOptions(options manager.Options) manager.Options {
}
options.Metrics.SecureServing = f.SecureMetrics

if f.MetricsAuthNAuthZ {
if f.MetricsRequireRBAC {
// FilterProvider is used to protect the metrics endpoint with authn/authz.
// These configurations ensure that only authorized users and service accounts
// can access the metrics endpoint. The RBAC are configured in 'config/rbac/kustomization.yaml'. More info:
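Review bot: With the default of `metrics-addr` and `metrics-bind-address` changed from `0` to `:8080` in the second hunk, an operator started without flags serves metrics over plain HTTP on every interface, since `metrics-secure` and `metrics-require-rbac` both default to `false`. If that default is kept for compatibility, the help text should still say how to turn the endpoint off or secure it, e.g. `"The address the metrics endpoint binds to. Use :8443 together with --metrics-secure for HTTPS, or 0 to disable the metrics service.",`. Separately, in the third hunk the two literals of the `metrics-require-rbac` description are joined without a space and render as `authn/authz.see https://…`; the second literal should begin with a space. The flag-registration function and `ToManagerOptions` both extend beyond the hunks shown.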
4 changes: 2 additions & 2 deletions internal/plugins/helm/v1/init.go
@@ -214,10 +214,10 @@ func addInitCustomizations(projectName string) error {
- op: add
path: /spec/template/spec/containers/0/args/0
value: --metrics-secure
# This patch adds the args to allow authn/authz the metrics endpoint
# This patch adds the args to allow RBAC-based authn/authz the metrics endpoint
- op: add
path: /spec/template/spec/containers/0/args/0
value: --metrics-authn-authz`)
value: --metrics-require-rbac`)
if err != nil {
return err
}
@@ -267,7 +267,7 @@ spec:
spec:
containers:
- args:
- --metrics-authn-authz
- --metrics-require-rbac
- --metrics-secure
- --metrics-bind-address=:8443
- --leader-elect
@@ -6,7 +6,7 @@
- op: add
path: /spec/template/spec/containers/0/args/0
value: --metrics-secure
# This patch adds the args to allow authn/authz the metrics endpoint
# This patch adds the args to allow RBAC-based authn/authz the metrics endpoint
- op: add
path: /spec/template/spec/containers/0/args/0
value: --metrics-authn-authz
value: --metrics-require-rbac
