feat: replace prometheus annotations with servicemonitor

deploy/charts/external-secrets/templates/cert-controller-deployment.yaml

@@ -59,7 +59,7 @@ spec:
             {{- end }}
           {{- end }}
           ports:
-            - containerPort: {{ .Values.certController.prometheus.service.port }}
+            - containerPort: 8080
               protocol: TCP
               name: metrics
           readinessProbe:

deploy/charts/external-secrets/templates/cert-controller-service.yaml

@@ -1,20 +0,0 @@
-{{- if and .Values.certController.create .Values.certController.prometheus.enabled }}
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ include "external-secrets.fullname" . }}-cert-controller-metrics
-  labels:
-    {{- include "external-secrets.labels" . | nindent 4 }}
-  annotations:
-    prometheus.io/path: "/metrics"
-    prometheus.io/scrape: "true"
-    prometheus.io/port: {{ .Values.certController.prometheus.service.port | quote }}
-spec:
-  type: ClusterIP
-  ports:
-  - port: {{ .Values.certController.prometheus.service.port }}
-    protocol: TCP
-    name: metrics
-  selector:
-    {{- include "external-secrets-cert-controller.selectorLabels" . | nindent 4 }}
-{{- end }}

deploy/charts/external-secrets/templates/cert-controller-servicemonitor.yaml

@@ -0,0 +1,38 @@
+{{- if and .Values.certController.create .Values.certController.serviceMonitor.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "external-secrets.fullname" . }}-cert-controller-metrics
+  labels:
+    {{- include "external-secrets-cert-controller.selectorLabels" . | nindent 4 }}
+spec:
+  type: ClusterIP
+  ports:
+  - port: 8080
+    protocol: TCP
+    name: metrics
+  selector:
+    {{- include "external-secrets-cert-controller.selectorLabels" . | nindent 4 }}
+---
+apiVersion: "monitoring.coreos.com/v1"
+kind: ServiceMonitor
+metadata:
+  labels:
+    {{- include "external-secrets-cert-controller.labels" . | nindent 4 }}
+{{- if .Values.certController.serviceMonitor.additionalLabels }}
+{{ toYaml .Values.certController.serviceMonitor.additionalLabels | indent 4 }}
+{{- end }}
+  name: {{ include "external-secrets.fullname" . }}-cert-controller-metrics
+  namespace: {{ .Release.Namespace | quote }}
+spec:
+  selector:
+    matchLabels:
+      {{- include "external-secrets-cert-controller.selectorLabels" . | nindent 6 }}
+  namespaceSelector:
+    matchNames:
+    - {{ .Release.Namespace | quote }}
+  endpoints:
+  - port: metrics
+    interval: {{ .Values.certController.serviceMonitor.interval }}
+    scrapeTimeout: {{ .Values.certController.serviceMonitor.scrapeTimeout }}
+{{- end }}

deploy/charts/external-secrets/templates/deployment.yaml

@@ -78,7 +78,7 @@ spec:
           {{- end }}
           {{- end }}
           ports:
-            - containerPort: {{ .Values.prometheus.service.port }}
+            - containerPort: 8080
               protocol: TCP
               name: metrics
           {{- with .Values.extraEnv }}

deploy/charts/external-secrets/templates/service.yaml

@@ -1,21 +0,0 @@
-{{- if .Values.prometheus.enabled }}
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ include "external-secrets.fullname" . }}-metrics
-  namespace: {{ .Release.Namespace | quote }}
-  labels:
-    {{- include "external-secrets.labels" . | nindent 4 }}
-  annotations:
-    prometheus.io/path: "/metrics"
-    prometheus.io/scrape: "true"
-    prometheus.io/port: {{ .Values.prometheus.service.port | quote }}
-spec:
-  type: ClusterIP
-  ports:
-    - port: {{ .Values.prometheus.service.port }}
-      protocol: TCP
-      name: metrics
-  selector:
-    {{- include "external-secrets.selectorLabels" . | nindent 4 }}
-{{- end }}

deploy/charts/external-secrets/templates/servicemonitor.yaml

@@ -0,0 +1,39 @@
+{{- if .Values.serviceMonitor.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "external-secrets.fullname" . }}-metrics
+  namespace: {{ .Release.Namespace | quote }}
+  labels:
+    {{- include "external-secrets.selectorLabels" . | nindent 4 }}
+spec:
+  type: ClusterIP
+  ports:
+    - port: 8080
+      protocol: TCP
+      name: metrics
+  selector:
+    {{- include "external-secrets.selectorLabels" . | nindent 4 }}
+---
+apiVersion: "monitoring.coreos.com/v1"
+kind: ServiceMonitor
+metadata:
+  labels:
+    {{- include "external-secrets.labels" . | nindent 4 }}
+{{- if .Values.serviceMonitor.additionalLabels }}
+{{ toYaml .Values.serviceMonitor.additionalLabels | indent 4 }}
+{{- end }}
+  name: {{ include "external-secrets.fullname" . }}-metrics
+  namespace: {{ .Release.Namespace | quote }}
+spec:
+  selector:
+    matchLabels:
+      {{- include "external-secrets.selectorLabels" . | nindent 6 }}
+  namespaceSelector:
+    matchNames:
+    - {{ .Release.Namespace | quote }}
+  endpoints:
+  - port: metrics
+    interval: {{ .Values.serviceMonitor.interval }}
+    scrapeTimeout: {{ .Values.serviceMonitor.scrapeTimeout }}
+{{- end }}

deploy/charts/external-secrets/templates/webhook-deployment.yaml

@@ -59,7 +59,7 @@ spec:
             {{- end }}
           {{- end }}
           ports:
-            - containerPort: {{ .Values.webhook.prometheus.service.port }}
+            - containerPort: 8080
               protocol: TCP
               name: metrics
             - containerPort: {{ .Values.webhook.port }}

deploy/charts/external-secrets/templates/webhook-service.yaml

@@ -7,12 +7,6 @@ metadata:
   labels:
     {{- include "external-secrets-webhook.labels" . | nindent 4 }}
     external-secrets.io/component : webhook
-  {{- if .Values.webhook.prometheus.enabled}}
-  annotations:
-    prometheus.io/path: "/metrics"
-    prometheus.io/scrape: "true"
-    prometheus.io/port: {{ .Values.prometheus.service.port | quote }}
-  {{- end }}
 spec:
   type: ClusterIP
   ports:
@@ -20,12 +14,6 @@ spec:
     targetPort: {{ .Values.webhook.port }}
     protocol: TCP
     name: webhook
-  {{- if .Values.webhook.prometheus.enabled}}
-  - port: {{ .Values.webhook.prometheus.service.port}}
-    targetPort: {{ .Values.webhook.prometheus.service.port}}
-    protocol: TCP
-    name: metrics
-  {{- end }}
   selector:
     {{- include "external-secrets-webhook.selectorLabels" . | nindent 4 }}
 {{- end }}

deploy/charts/external-secrets/templates/webhook-servicemonitor.yaml

@@ -0,0 +1,38 @@
+{{- if and .Values.webhook.create .Values.webhook.serviceMonitor.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "external-secrets.fullname" . }}-webhook-metrics
+  labels:
+    {{- include "external-secrets-webhook.selectorLabels" . | nindent 4 }}
+spec:
+  type: ClusterIP
+  ports:
+  - port: 8080
+    protocol: TCP
+    name: metrics
+  selector:
+    {{- include "external-secrets-webhook.selectorLabels" . | nindent 4 }}
+---
+apiVersion: "monitoring.coreos.com/v1"
+kind: ServiceMonitor
+metadata:
+  labels:
+    {{- include "external-secrets-webhook.labels" . | nindent 4 }}
+{{- if .Values.webhook.serviceMonitor.additionalLabels }}
+{{ toYaml .Values.webhook.serviceMonitor.additionalLabels | indent 4 }}
+{{- end }}
+  name: {{ include "external-secrets.fullname" . }}-webhook-metrics
+  namespace: {{ .Release.Namespace | quote }}
+spec:
+  selector:
+    matchLabels:
+      {{- include "external-secrets-webhook.selectorLabels" . | nindent 6 }}
+  namespaceSelector:
+    matchNames:
+    - {{ .Release.Namespace | quote }}
+  endpoints:
+  - port: metrics
+    interval: {{ .Values.webhook.serviceMonitor.interval }}
+    scrapeTimeout: {{ .Values.webhook.serviceMonitor.scrapeTimeout }}
+{{- end }}

deploy/charts/external-secrets/values.yaml

@@ -97,6 +97,19 @@ prometheus:
   service:
     port: 8080
 
+serviceMonitor:
+  # -- Specifies whether to create a ServiceMonitor resource for collecting Prometheus metrics
+  enabled: false
+
+  # -- Additional labels
+  additionalLabels: {}
+
+  # --  Interval to scrape metrics
+  interval: 30s
+
+  # -- Timeout if metrics can't be retrieved in given time interval
+  scrapeTimeout: 25s
+
 nodeSelector: {}
 
 tolerations: []
@@ -145,11 +158,20 @@ webhook:
 
     # -- Pod priority class name.
   priorityClassName: ""
-  prometheus:
-      # -- Specifies whether to expose Service resource for collecting Prometheus metrics
+
+  serviceMonitor:
+    # -- Specifies whether to create a ServiceMonitor resource for collecting Prometheus metrics
     enabled: false
-    service:
-      port: 8080
+
+    # -- Additional labels
+    additionalLabels: {}
+
+    # --  Interval to scrape metrics
+    interval: 30s
+
+    # -- Timeout if metrics can't be retrieved in given time interval
+    scrapeTimeout: 25s
+
     ## -- Extra environment variables to add to container.
   extraEnv: []
 
@@ -210,11 +232,20 @@ certController:
 
     # -- Pod priority class name.
   priorityClassName: ""
-  prometheus:
-      # -- Specifies whether to expose Service resource for collecting Prometheus metrics
+
+  serviceMonitor:
+    # -- Specifies whether to create a ServiceMonitor resource for collecting Prometheus metrics
     enabled: false
-    service:
-      port: 8080
+
+    # -- Additional labels
+    additionalLabels: {}
+
+    # --  Interval to scrape metrics
+    interval: 30s
+
+    # -- Timeout if metrics can't be retrieved in given time interval
+    scrapeTimeout: 25s
+
     ## -- Extra environment variables to add to container.
   extraEnv: []