diff --git a/cmd/build/helmify/static/README.md b/cmd/build/helmify/static/README.md
index bb0c705329a..38364f5dc23 100644
--- a/cmd/build/helmify/static/README.md
+++ b/cmd/build/helmify/static/README.md
@@ -161,6 +161,8 @@ _See [Exempting Namespaces](https://open-policy-agent.github.io/gatekeeper/websi
 | service.loadBalancerIP | The IP address of LoadBalancer service | `` |
 | service.healthzPort | Service port to gatekeeper Webhook health port | `9090` |
 | rbac.create | Enable the creation of RBAC resources | `true` |
+| podMonitor.enabled | Whether to install `PodMonitor` resources or not | `false` |
+| podMonitor.extraLabels | Extra labels for `PodMonitor` resources | `{}` |
 ## Contributing Changes
diff --git a/cmd/build/helmify/static/templates/podmonitor-audit-controller.yaml b/cmd/build/helmify/static/templates/podmonitor-audit-controller.yaml
new file mode 100644
index 00000000000..6240a6fdd8a
--- /dev/null
+++ b/cmd/build/helmify/static/templates/podmonitor-audit-controller.yaml
@@ -0,0 +1,26 @@
+{{- if .Values.podMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+ labels:
+ app: '{{ template "gatekeeper.name" . }}'
+ chart: '{{ template "gatekeeper.name" . }}'
+ gatekeeper.sh/system: "yes"
+ heritage: '{{ .Release.Service }}'
+ release: '{{ .Release.Name }}'
+ {{- with .Values.podMonitor.extraLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ name: gatekeeper-audit-controller
+spec:
+ namespaceSelector:
+ matchNames:
+ - '{{ .Release.Namespace }}'
+ selector:
+ matchLabels:
+ app: '{{ template "gatekeeper.name" . }}'
+ control-plane: audit-controller
+ release: '{{ .Release.Name }}'
+ podMetricsEndpoints:
+ - port: metrics
+{{- end }}
diff --git a/cmd/build/helmify/static/templates/podmonitor-controller-manager.yaml b/cmd/build/helmify/static/templates/podmonitor-controller-manager.yaml
new file mode 100644
index 00000000000..3125fdbc374
--- /dev/null
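Review bot: The guard on the first line of `podmonitor-audit-controller.yaml`, `{{- if .Values.podMonitor.enabled }}`, checks only the chart value, so enabling it in a cluster without the Prometheus Operator CRDs will presumably fail the install on the unknown `monitoring.coreos.com/v1` `PodMonitor` kind. I would either state that prerequisite where the value is documented, or change the condition to `{{- if and .Values.podMonitor.enabled (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") }}` if silently skipping the resource is acceptable. `podmonitor-controller-manager.yaml` uses the same guard and needs the same decision.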
+++ b/cmd/build/helmify/static/templates/podmonitor-controller-manager.yaml
@@ -0,0 +1,26 @@
+{{- if .Values.podMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+ name: gatekeeper-controller-manager
+ labels:
+ app: '{{ template "gatekeeper.name" . }}'
+ chart: '{{ template "gatekeeper.name" . }}'
+ gatekeeper.sh/system: "yes"
+ heritage: '{{ .Release.Service }}'
+ release: '{{ .Release.Name }}'
+ {{- with .Values.podMonitor.extraLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ namespaceSelector:
+ matchNames:
+ - '{{ .Release.Namespace }}'
+ selector:
+ matchLabels:
+ app: '{{ template "gatekeeper.name" . }}'
+ control-plane: controller-manager
+ release: '{{ .Release.Name }}'
+ podMetricsEndpoints:
+ - port: metrics
+{{- end }}
diff --git a/cmd/build/helmify/static/values.yaml b/cmd/build/helmify/static/values.yaml
index cc04a302e1d..77e40962196 100644
--- a/cmd/build/helmify/static/values.yaml
+++ b/cmd/build/helmify/static/values.yaml
@@ -206,3 +206,6 @@ upgradeCRDs:
 extraRules: []
 rbac:
 create: true
+podMonitor:
+ enabled: false
+ extraLabels: {}
diff --git a/manifest_staging/charts/gatekeeper/README.md b/manifest_staging/charts/gatekeeper/README.md
index bb0c705329a..38364f5dc23 100644
--- a/manifest_staging/charts/gatekeeper/README.md
+++ b/manifest_staging/charts/gatekeeper/README.md
@@ -161,6 +161,8 @@ _See [Exempting Namespaces](https://open-policy-agent.github.io/gatekeeper/websi
 | service.loadBalancerIP | The IP address of LoadBalancer service | `` |
 | service.healthzPort | Service port to gatekeeper Webhook health port | `9090` |
 | rbac.create | Enable the creation of RBAC resources | `true` |
+| podMonitor.enabled | Whether to install `PodMonitor` resources or not | `false` |
+| podMonitor.extraLabels | Extra labels for `PodMonitor` resources | `{}` |
 ## Contributing Changes
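Review bot: `metadata` in `podmonitor-controller-manager.yaml` sets `name` and `labels` but no `namespace`, while `spec.namespaceSelector.matchNames` is pinned to `.Release.Namespace`; rendered with `helm template` and applied by other tooling, the PodMonitor can end up in whatever namespace that tool defaults to. Adding `namespace: '{{ .Release.Namespace }}'` under `metadata` keeps the object next to the pods it selects, and the audit-controller template needs the same line. The two new templates also place `name` differently (before `labels` here, after the `extraLabels` block in the audit one), which is worth making uniform. Because `extraLabels` is emitted with `toYaml` after the fixed labels, a user-supplied `app` or `release` key would render a duplicate mapping key, so the README row should say those keys are reserved.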
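Review bot: The new `podMonitor` block in `values.yaml` exposes only `enabled` and `extraLabels`, while both templates hard-code `podMetricsEndpoints` to `- port: metrics` with no `scheme`, `tlsConfig` or `authorization`, so nothing about how the endpoint is scraped can be tightened through the chart. Whether the pods' metrics listener is plain HTTP is not visible in this diff; if it is, anyone enabling this should confirm that network policy restricts that port to the Prometheus pods. A comment above the block would record both constraints, e.g. `# Requires the Prometheus Operator CRDs; scrapes the pod port named "metrics" with no TLS or auth settings rendered.`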
diff --git a/manifest_staging/charts/gatekeeper/templates/podmonitor-audit-controller.yaml b/manifest_staging/charts/gatekeeper/templates/podmonitor-audit-controller.yaml
new file mode 100644
index 00000000000..6240a6fdd8a
--- /dev/null
+++ b/manifest_staging/charts/gatekeeper/templates/podmonitor-audit-controller.yaml
@@ -0,0 +1,26 @@
+{{- if .Values.podMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+ labels:
+ app: '{{ template "gatekeeper.name" . }}'
+ chart: '{{ template "gatekeeper.name" . }}'
+ gatekeeper.sh/system: "yes"
+ heritage: '{{ .Release.Service }}'
+ release: '{{ .Release.Name }}'
+ {{- with .Values.podMonitor.extraLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ name: gatekeeper-audit-controller
+spec:
+ namespaceSelector:
+ matchNames:
+ - '{{ .Release.Namespace }}'
+ selector:
+ matchLabels:
+ app: '{{ template "gatekeeper.name" . }}'
+ control-plane: audit-controller
+ release: '{{ .Release.Name }}'
+ podMetricsEndpoints:
+ - port: metrics
+{{- end }}
diff --git a/manifest_staging/charts/gatekeeper/templates/podmonitor-controller-manager.yaml b/manifest_staging/charts/gatekeeper/templates/podmonitor-controller-manager.yaml
new file mode 100644
index 00000000000..3125fdbc374
--- /dev/null
+++ b/manifest_staging/charts/gatekeeper/templates/podmonitor-controller-manager.yaml
@@ -0,0 +1,26 @@
+{{- if .Values.podMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+ name: gatekeeper-controller-manager
+ labels:
+ app: '{{ template "gatekeeper.name" . }}'
+ chart: '{{ template "gatekeeper.name" . }}'
+ gatekeeper.sh/system: "yes"
+ heritage: '{{ .Release.Service }}'
+ release: '{{ .Release.Name }}'
+ {{- with .Values.podMonitor.extraLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ namespaceSelector:
+ matchNames:
+ - '{{ .Release.Namespace }}'
+ selector:
+ matchLabels:
+ app: '{{ template "gatekeeper.name" . }}'
+ control-plane: controller-manager
+ release: '{{ .Release.Name }}'
+ podMetricsEndpoints:
+ - port: metrics
+{{- end }}
diff --git a/manifest_staging/charts/gatekeeper/values.yaml b/manifest_staging/charts/gatekeeper/values.yaml
index cc04a302e1d..77e40962196 100644
--- a/manifest_staging/charts/gatekeeper/values.yaml
+++ b/manifest_staging/charts/gatekeeper/values.yaml
@@ -206,3 +206,6 @@ upgradeCRDs:
 extraRules: []
 rbac:
 create: true
+podMonitor:
+ enabled: false
+ extraLabels: {}