The ServiceMonitor targets both the web hook service and the metrics service. Yet, only the metrics service must be scraped (the probe could be scraped too via the blackbox-exporter, but that is a subject for another PR). The webhook service must not be discovered by Prometheus.
In that original PR, we tried to fix this by modifying the labels in the Service and ServiceMonitor, but while testing it we found a simpler solution, which is to specify a port name in the ServiceMonitor.
Before
After
Testing
You can test this yourself as follows:
# Start a Kind cluster and install approver-policy (from source) + cert-manager
make test-smoke-deps
# Deploy Prometheus
helm upgrade default kube-prometheus-stack \
--repo https://prometheus-community.github.io/helm-charts \
--install \
--namespace prometheus \
--create-namespace \
--set prometheus.prometheusSpec.serviceMonitorSelectorNilUsesHelmValues=false \
--set prometheus.prometheusSpec.podMonitorSelectorNilUsesHelmValues=false \
--wait
# Redeploy approver-policy with ServiceMonitor enabled
make test-smoke-deps \
INSTALL_OPTIONS="--set image.repository=\$(oci_manager_image_name_development) --set app.metrics.service.servicemonitor.enabled=true"
# Connect to prometheus web UI
kubectl port-forward -n prometheus pods/prometheus-default-kube-prometheus-st-prometheus-0 9090
Needs approval from an approver in each of these files:
- ~~[OWNERS](https://github.com/cert-manager/approver-policy/blob/main/OWNERS)~~ [SgtCoDFish]
Approvers can indicate their approval by writing `/approve` in a comment
Approvers can cancel approval by writing `/approve cancel` in a comment
In https://github.com/cert-manager/approver-policy/pull/229 @leotomas837 reported that:
In that original PR, we tried to fix this by modifying the labels in the Service and ServiceMonitor, but while testing it we found a simpler solution, which is to specify a port name in the ServiceMonitor.
Before
After
Testing
You can test this yourself as follows:
Visit: http://localhost:9090/targets