From 148e8a064aed55e104830ab450557889df89a8a3 Mon Sep 17 00:00:00 2001 From: Michele Baldessari Date: Tue, 31 Mar 2026 12:01:07 +0200 Subject: [PATCH] Drop the /metrics endpoint We are not using it, and it is just additional unused stuff for the time being. --- ...er-manager-metrics-service_v1_service.yaml | 17 ---------------- ...-operator-manager-config_v1_configmap.yaml | 2 -- ...c.authorization.k8s.io_v1_clusterrole.yaml | 10 ---------- config/default/kustomization.yaml | 8 -------- config/default/manager_auth_proxy_patch.yaml | 15 -------------- config/manager/controller_manager_config.yaml | 2 -- config/prometheus/kustomization.yaml | 2 -- config/prometheus/monitor.yaml | 20 ------------------- config/rbac/kustomization.yaml | 7 ------- 9 files changed, 83 deletions(-) delete mode 100644 bundle/manifests/patterns-operator-controller-manager-metrics-service_v1_service.yaml delete mode 100644 bundle/manifests/patterns-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml delete mode 100644 config/default/manager_auth_proxy_patch.yaml delete mode 100644 config/prometheus/kustomization.yaml delete mode 100644 config/prometheus/monitor.yaml diff --git a/bundle/manifests/patterns-operator-controller-manager-metrics-service_v1_service.yaml b/bundle/manifests/patterns-operator-controller-manager-metrics-service_v1_service.yaml deleted file mode 100644 index 0f3aa71e1..000000000 --- a/bundle/manifests/patterns-operator-controller-manager-metrics-service_v1_service.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - creationTimestamp: null - labels: - control-plane: controller-manager - name: patterns-operator-controller-manager-metrics-service -spec: - ports: - - name: https - port: 8443 - protocol: TCP - targetPort: https - selector: - control-plane: controller-manager -status: - loadBalancer: {} diff --git a/bundle/manifests/patterns-operator-manager-config_v1_configmap.yaml b/bundle/manifests/patterns-operator-manager-config_v1_configmap.yaml index facb7f574..75458eb03 100644 --- a/bundle/manifests/patterns-operator-manager-config_v1_configmap.yaml +++ b/bundle/manifests/patterns-operator-manager-config_v1_configmap.yaml @@ -5,8 +5,6 @@ data: kind: ControllerManagerConfig health: healthProbeBindAddress: :8081 - metrics: - bindAddress: 127.0.0.1:8080 webhook: port: 9443 leaderElection: diff --git a/bundle/manifests/patterns-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml b/bundle/manifests/patterns-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml deleted file mode 100644 index 6783cf58c..000000000 --- a/bundle/manifests/patterns-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - name: patterns-operator-metrics-reader -rules: -- nonResourceURLs: - - /metrics - verbs: - - get diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml index 5e3da2a8b..364e577fe 100644 --- a/config/default/kustomization.yaml +++ b/config/default/kustomization.yaml @@ -21,15 +21,7 @@ bases: - ../webhook # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required. #- ../certmanager -# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. -#- ../prometheus - patchesStrategicMerge: -# Protect the /metrics endpoint by putting it behind auth. -# If you want your controller-manager to expose the /metrics -# endpoint w/o any authn/z, please comment the following line. -# - manager_auth_proxy_patch.yaml - # Mount the controller config file for loading manager configurations # through a ComponentConfig type #- manager_config_patch.yaml diff --git a/config/default/manager_auth_proxy_patch.yaml b/config/default/manager_auth_proxy_patch.yaml deleted file mode 100644 index 1fe4fb186..000000000 --- a/config/default/manager_auth_proxy_patch.yaml +++ /dev/null @@ -1,15 +0,0 @@ -# This patch inject a sidecar container which is a HTTP proxy for the -# controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews. -apiVersion: apps/v1 -kind: Deployment -metadata: - name: controller-manager - namespace: system -spec: - template: - spec: - containers: - - name: manager - args: - - "--health-probe-bind-address=:8081" - - "--leader-elect" diff --git a/config/manager/controller_manager_config.yaml b/config/manager/controller_manager_config.yaml index 93b72eed7..a9bbf32f8 100644 --- a/config/manager/controller_manager_config.yaml +++ b/config/manager/controller_manager_config.yaml @@ -2,8 +2,6 @@ apiVersion: controller-runtime.sigs.k8s.io/v1alpha1 kind: ControllerManagerConfig health: healthProbeBindAddress: :8081 -metrics: - bindAddress: 127.0.0.1:8080 webhook: port: 9443 leaderElection: diff --git a/config/prometheus/kustomization.yaml b/config/prometheus/kustomization.yaml deleted file mode 100644 index ed137168a..000000000 --- a/config/prometheus/kustomization.yaml +++ /dev/null @@ -1,2 +0,0 @@ -resources: -- monitor.yaml diff --git a/config/prometheus/monitor.yaml b/config/prometheus/monitor.yaml deleted file mode 100644 index d19136ae7..000000000 --- a/config/prometheus/monitor.yaml +++ /dev/null @@ -1,20 +0,0 @@ - -# Prometheus Monitor Service (Metrics) -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - labels: - control-plane: controller-manager - name: controller-manager-metrics-monitor - namespace: system -spec: - endpoints: - - path: /metrics - port: https - scheme: https - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token - tlsConfig: - insecureSkipVerify: true - selector: - matchLabels: - control-plane: controller-manager diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml index 40bc8c2a1..166fe7986 100644 --- a/config/rbac/kustomization.yaml +++ b/config/rbac/kustomization.yaml @@ -9,10 +9,3 @@ resources: - role_binding.yaml - leader_election_role.yaml - leader_election_role_binding.yaml -# Comment the following 4 lines if you want to disable -# the auth proxy (https://github.com/brancz/kube-rbac-proxy) -# which protects your /metrics endpoint. -#- auth_proxy_service.yaml -#- auth_proxy_role.yaml -#- auth_proxy_role_binding.yaml -#- auth_proxy_client_clusterrole.yaml