search

twuni / docker-registry.helm

Helm chart for a Docker registry. Successor to stable/docker-registry chart.
Apache License 2.0
309 stars 146 forks source link

Use podMonitor instead of serviceMonitor to prevent monitoring data leakage #108

Open paulfantom opened 1 year ago

paulfantom commented 1 year ago

This PR is a different (IMHO proper) fix to issue raised in https://github.com/twuni/docker-registry.helm/pull/107. By using PodMonitor instead of ServiceMonitor we can simplify and fix a few things:

  1. Using SVC of type LB won't accidentally expoe /metrics endpoint outside of kubernetes.
  2. .Values.metrics.port is no longer needed as PodMonitor attaches to Pod instead of SVC.
  3. SVC object template is a bit less complicated.

The downside is that this is a breaking change. Alternative approach which is not breaking, but also not fixes all those issues is in

lucasfcnunes commented 2 months ago

Why not split the service?

  1. *-docker-registry -> 5000 (http) (Now, can turn set type to LB)
  2. *-docker-registry-metrics -> 5001 (http-metrics)