helm: adding optional to expose tetragon-operator metrics

[hungran]

hey team, I'm new here so please correct me if I'm missing somewhere

This will fix the issue #1778

• port in the operator Deployment + a Service exposing it
• Helm value configuring the operator metrics port
• optional ServiceAccount scraping operator metrics following the issue -> not sure the 3rd point as I've seen we already had SA for TetragonOperator

Add a Kubernetes service exposing Tetragon Operator metrics. Make the operator metrics port configurable via Helm values and change the default to 2113.

[lambdanis]

Thank you for tackling this @hungran. I left some comments about the Helm values.

[netlify]

✅ Deploy Preview for tetragon ready!

Name	Link
🔨 Latest commit	b22126c
🔍 Latest deploy log	https://app.netlify.com/sites/tetragon/deploys/656c327579a0fe0009d3e82c
😎 Deploy Preview	https://deploy-preview-1797--tetragon.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[hungran]

indent level was re-corrected, @lambdanis might have chance to re-run the CI?

[lambdanis]

@hungran Thanks for the update, I requested one more change (to pass port to the operator via the configmap).

Also, please run cd install/kubernetes && ./test.sh to generate Helm docs. Otherwise the CI will fail like here: https://github.com/cilium/tetragon/actions/runs/7014110773/job/19099622794

Could you also squash the commits when you make changes? Thanks!

[hungran]

@lambdanis not sure why must pass port to configmap as metrics-bind-address as we changed the default value to 2113 or here we can have a way that cmd.Flag() could have metrics-bind-address from config file (config map)? is this idea here?

noted: there is a change from test.sh as below, also generated README.md

[lambdanis]

not sure why must pass port to configmap as metrics-bind-address as we changed the default value to 2113 or here we can have a way that cmd.Flag() could have metrics-bind-address from config file (config map)? is this idea here?

The operator configmap is mounted in the operator deployment, and the flags are read from there already. So to make it possible to use a non-default port for the metrics server, we need to pass a flag via the configmap.

[hungran]

not sure why must pass port to configmap as metrics-bind-address as we changed the default value to 2113 or here we can have a way that cmd.Flag() could have metrics-bind-address from config file (config map)? is this idea here?

The operator configmap is mounted in the operator deployment, and the flags are read from there already. So to make it possible to use a non-default port for the metrics server, we need to pass a flag via the configmap.

Hi @lambdanis Correct me if I'm wrong, the current TetragonOperator not yet read that flag though?
I've tried to used image the v1.0.0 from the hub and also built on my local and tried to deploy by difference port along with the configmap metrics-bind-address. However, seem like the metrics server still bind to the default port by cmd Flags as hardcode under operator/cmd/serve/serve.go

tetragon/operator/cmd/serve/serve.go

Line 93 in 564b819

cmd.Flags().StringVar(&metricsAddr, "metrics-bind-address", ":2113", "The address the metric endpoint binds to.")

[lambdanis]

Hi @lambdanis Correct me if I'm wrong, the current TetragonOperator not yet read that flag though?
I've tried to used image the v1.0.0 from the hub and also built on my local and tried to deploy by difference port along with the configmap metrics-bind-address. However, seem like the metrics server still bind to the default port by cmd Flags as hardcode under operator/cmd/serve/serve.go

You're right, currently the operator doesn't read this flag from the configmap, thank you for testing it 🙇‍♀️ It does, however read this flag if it's passed as a command line argument, so we can pass it here in the deployment spec.

It seems some changes merged to main are conflicting with your changes (sorry about that), could you rebase your branch with main and force push? Please remove the merge commits and rebase instead, it seems that CI doesn't like these merges.

[hungran]

Hi @lambdanis Correct me if I'm wrong, the current TetragonOperator not yet read that flag though?
I've tried to used image the v1.0.0 from the hub and also built on my local and tried to deploy by difference port along with the configmap metrics-bind-address. However, seem like the metrics server still bind to the default port by cmd Flags as hardcode under operator/cmd/serve/serve.go

You're right, currently the operator doesn't read this flag from the configmap, thank you for testing it 🙇‍♀️ It does, however read this flag if it's passed as a command line argument, so we can pass it here in the deployment spec.

It seems some changes merged to main are conflicting with your changes (sorry about that), could you rebase your branch with main and force push? Please remove the merge commits and rebase instead, it seems that CI doesn't like these merges.

Thanks, it was run from my local environment by the container argument
rebase and updated, should be one more chance to run the full CI flow tho

[lambdanis]

One indent in the service seems too big, but other than that changes look good :)

I see that the commit message contains multiple sign-offs. Could you amend it to keep only one at the end?

[hungran]

One indent in the service seems too big, but other than that changes look good :)

I see that the commit message contains multiple sign-offs. Could you amend it to keep only one at the end?

ah right, done

[lambdanis]

@hungran It looks like you need to run install/kubernetes/test.sh once again, sorry.

[hungran]

@hungran It looks like you need to run install/kubernetes/test.sh once again, sorry.

no worries, a new local environment not yet has gnu-sed so the install/kubernetes/test.sh was failed btw :) updated

[lambdanis]

Thank you @hungran!