search

smallstep / helm-charts

Helm packages for Kubernetes
Apache License 2.0
49 stars 72 forks source link

Incorrect Prometheus scrape port in Service annotations [step-issuer] #112

Closed p-kossa closed 2 years ago

p-kossa commented 2 years ago

Subject of the issue

This service annotation has a typo - should be .Values.service.port (as defined here):

apiVersion: v1
kind: Service
metadata:
  name: "{{ template "step-issuer.fullname" . }}"
  namespace: {{ .Release.Namespace }}
  annotations:
    prometheus.io/port: "{{ .Values.service.ports }}"

Additionally, the defined port is incorrect - by default, the manager metrics endpoint is 8080:

      - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
        imagePullPolicy: {{ .Values.image.pullPolicy }}
        name: manager
        args: [
          "--metrics-addr=127.0.0.1:8080",

Otherwise kube-rbac-proxy may experience errors like this:

2022/09/29 04:50:52 http: TLS handshake error from x.x.x.x:57116: remote error: tls: bad certificate

Steps to reproduce

This can be reproduced by trying to scrape the metrics endpoint from any Prometheus server (i.e. cost-analyzer).

Expected behaviour

kube-rbac-proxy should startup and show no errors; Prometheus should be able to scrape the step-issuer metrics endpoint.

Actual behaviour

kube-rbac-proxy may experience errors like this:

2022/09/29 04:50:52 http: TLS handshake error from x.x.x.x:57116: remote error: tls: bad certificate

We can add a new Helm value specifically for the Prometheus scrape port so that the Service annotations are correct and the metrics endpoint is properly exposed.