diff --git a/charts/cosigned/Chart.yaml b/charts/cosigned/Chart.yaml index 32d34752..7d2da7e4 100644 --- a/charts/cosigned/Chart.yaml +++ b/charts/cosigned/Chart.yaml @@ -5,7 +5,7 @@ sources: - https://github.com/sigstore/cosign name: cosigned type: application -version: v0.0.3-dev +version: v0.0.4 appVersion: v1.2.0 maintainers: - name: dlorenc diff --git a/charts/cosigned/templates/webhook/configmap.yaml b/charts/cosigned/templates/webhook/configmap.yaml index ea332d05..ec2b601e 100644 --- a/charts/cosigned/templates/webhook/configmap.yaml +++ b/charts/cosigned/templates/webhook/configmap.yaml @@ -32,3 +32,17 @@ data: # Changes are be picked up immediately. loglevel.controller: "info" loglevel.webhook: "info" +{{- if .Values.serviceMonitor.enabled }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + {{- include "cosigned.labels" . | nindent 4 }} + control-plane: {{ template "cosigned.fullname" . }}-webhook + name: {{ template "cosigned.fullname" . }}-webhook-observability + namespace: {{ .Release.Namespace }} +data: + metrics.backend-destination: prometheus + metrics.request-metrics-backend-destination: prometheus +{{- end }} diff --git a/charts/cosigned/templates/webhook/deployment_webhook.yaml b/charts/cosigned/templates/webhook/deployment_webhook.yaml index c90623ec..0f17c12a 100644 --- a/charts/cosigned/templates/webhook/deployment_webhook.yaml +++ b/charts/cosigned/templates/webhook/deployment_webhook.yaml @@ -35,6 +35,8 @@ spec: fieldPath: metadata.namespace - name: CONFIG_LOGGING_NAME value: {{ template "cosigned.fullname" . }}-webhook-logging + - name: CONFIG_OBSERVABILITY_NAME + value: {{ template "cosigned.fullname" . }}-webhook-observability - name: METRICS_DOMAIN value: sigstore.dev/cosigned - name: WEBHOOK_NAME diff --git a/charts/cosigned/templates/webhook/service_monitor_webhook.yaml b/charts/cosigned/templates/webhook/service_monitor_webhook.yaml new file mode 100644 index 00000000..b0c74c9c --- /dev/null +++ b/charts/cosigned/templates/webhook/service_monitor_webhook.yaml @@ -0,0 +1,17 @@ +{{- if .Values.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "cosigned.fullname" . }}-webhook-monitor + namespace: {{ .Release.Namespace }} + labels: + {{- include "cosigned.labels" . | nindent 4 }} + control-plane: {{ template "cosigned.fullname" . }}-webhook +spec: + endpoints: + - path: /metrics + port: metrics + selector: + matchLabels: + control-plane: {{ template "cosigned.fullname" . }}-webhook +{{- end }} diff --git a/charts/cosigned/templates/webhook/service_webhook.yaml b/charts/cosigned/templates/webhook/service_webhook.yaml index adf0cc89..9a7dd543 100644 --- a/charts/cosigned/templates/webhook/service_webhook.yaml +++ b/charts/cosigned/templates/webhook/service_webhook.yaml @@ -23,3 +23,26 @@ spec: selector: {{- include "cosigned.selectorLabels" . | nindent 4 }} control-plane: {{ template "cosigned.fullname" . }}-webhook +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + {{- if .Values.webhook.service.annotations }} + {{ toYaml .Values.webhook.service.annotations | nindent 4 }} + {{- end }} + labels: + {{- include "cosigned.labels" . | nindent 4 }} + control-plane: {{ template "cosigned.fullname" . }}-webhook + name: {{ template "cosigned.fullname" . }}-webhook-metrics + namespace: {{ .Release.Namespace }} +spec: + type: ClusterIP + ports: + - name: metrics + port: 9090 + protocol: TCP + targetPort: metrics + selector: + {{- include "cosigned.selectorLabels" . | nindent 4 }} + control-plane: {{ template "cosigned.fullname" . }}-webhook \ No newline at end of file diff --git a/charts/cosigned/values.yaml b/charts/cosigned/values.yaml index 2dbf0fec..e23b4f5d 100644 --- a/charts/cosigned/values.yaml +++ b/charts/cosigned/values.yaml @@ -49,3 +49,7 @@ commonTolerations: [] # operator: "Equal" # value: "value" # effect: "NoSchedule" + +## serviceMonitor makes cosigned metrics discoverable to prometheus +serviceMonitor: + enabled: false