Move ports and volumeMounts from deprecated kube-rbac-proxy sidecar t…

…o controller container ref: https://issues.redhat.com/browse/ACM-8346 Signed-off-by: Jason Zhang <jaszhang@redhat.com>
open-cluster-management-io · Jul 29, 2024 · 037d6db · 037d6db
1 parent cdb2f2b
commit 037d6db
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 4 deletions.
diff --git a/pkg/addon/configpolicy/manifests/managedclusterchart/templates/deployment.yaml b/pkg/addon/configpolicy/manifests/managedclusterchart/templates/deployment.yaml
@@ -51,7 +51,10 @@ spec:
           - --client-max-qps={{ .Values.args.clientQPS }}
           - --client-burst={{ .Values.args.clientBurst }}
           - --health-probe-bind-address=:8081
-          {{- if and .Values.prometheus.enabled (ne .Values.kubernetesDistribution "OpenShift") }}
+          {{- if and .Values.prometheus.enabled (eq .Values.kubernetesDistribution "OpenShift") }}
+          - --secure-metrics=true
+          - --metrics-bind-address=0.0.0.0:8443
+          {{- else if .Values.prometheus.enabled }}
           - --metrics-bind-address=0.0.0.0:8383
           {{- end }}
           {{- if eq .Values.installMode "Hosted" }}
@@ -111,16 +114,26 @@ spec:
           failureThreshold: 30
           periodSeconds: 10
         {{- end }}
-        {{- if and .Values.prometheus.enabled (ne .Values.kubernetesDistribution "OpenShift") }}
+        {{- if and .Values.prometheus.enabled (eq .Values.kubernetesDistribution "OpenShift") }}
+        ports:
+        - name: metrics
+          protocol: TCP
+          containerPort: 8443
+        {{- else if .Values.prometheus.enabled }}
         ports:
         - name: metrics
           protocol: TCP
           containerPort: 8383
         {{- end }}
         resources: {{- toYaml .Values.resources | nindent 10 }}
         volumeMounts:
+          {{- if and .Values.prometheus.enabled (eq .Values.kubernetesDistribution "OpenShift") }}
+          - mountPath: "/var/run/metrics-cert"
+            name: metrics-cert
+            readOnly: true
           - name: klusterlet-config
             mountPath: /var/run/klusterlet
+          {{- end }}
           {{- if eq .Values.installMode "Hosted" }}
           - mountPath: "/var/run/managed-kubeconfig"
             name: managed-kubeconfig-secret

diff --git a/pkg/addon/policyframework/manifests/managedclusterchart/templates/deployment.yaml b/pkg/addon/policyframework/manifests/managedclusterchart/templates/deployment.yaml
@@ -59,7 +59,10 @@ spec:
           {{- else }}
           - --cluster-namespace={{ .Values.clusterName }}
           {{- end }}
-          {{- if and .Values.prometheus.enabled (ne .Values.kubernetesDistribution "OpenShift") }}
+          {{- if and .Values.prometheus.enabled (eq .Values.kubernetesDistribution "OpenShift") }}
+          - --secure-metrics=true
+          - --metrics-bind-address=0.0.0.0:8443
+          {{- else if .Values.prometheus.enabled }}
           - --metrics-bind-address=0.0.0.0:8383
           {{- end }}
           {{- if .Values.complianceHistoryAPIURL }}
@@ -111,7 +114,12 @@ spec:
           failureThreshold: 30
           periodSeconds: 10
         {{- end }}
-        {{- if and .Values.prometheus.enabled (ne .Values.kubernetesDistribution "OpenShift") }}
+        {{- if and .Values.prometheus.enabled (eq .Values.kubernetesDistribution "OpenShift") }}
+        ports:
+        - name: metrics
+          protocol: TCP
+          containerPort: 8443
+        {{- else if .Values.prometheus.enabled }}
         ports:
         - name: metrics
           protocol: TCP
@@ -126,6 +134,11 @@ spec:
           privileged: false
           readOnlyRootFilesystem: true
         volumeMounts:
+          {{- if and .Values.prometheus.enabled (eq .Values.kubernetesDistribution "OpenShift") }}
+          - mountPath: "/var/run/metrics-cert"
+            name: metrics-cert
+            readOnly: true
+          {{- end }}
           - name: klusterlet-config
             mountPath: /var/run/klusterlet
       volumes: