Add Configuration for Monitoring via Prometheus Operator

charts/cloudflare-tunnel-remote/Chart.yaml

@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
+version: 0.2.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

charts/cloudflare-tunnel-remote/templates/deployment.yaml

@@ -8,18 +8,21 @@ spec:
   replicas: {{ .Values.replicaCount }}
   selector:
     matchLabels:
-      pod: cloudflared
+      {{- include "cloudflare-tunnel-remote.selectorLabels" . | nindent 6 }}
   template:
     metadata:
       creationTimestamp: null
       annotations:
         # These are here so the deployment rolls when the config or secret change.
         checksum/secret: {{ .Values.cloudflare.tunnel_token | sha256sum }}
         {{- with .Values.podAnnotations }}
-        {{- toYaml . | nindent 8 }}
+          {{- toYaml . | nindent 8 }}
         {{- end }}
       labels:
-        pod: cloudflared
+        {{- include "cloudflare-tunnel-remote.selectorLabels" . | nindent 8 }}
+      {{- with .Values.podLabels }}
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
     spec:
       serviceAccountName: {{ include "cloudflare-tunnel-remote.fullname" . }}
       containers:
@@ -32,7 +35,7 @@ spec:
           # In a k8s environment, the metrics server needs to listen outside the pod it runs on. 
           # The address 0.0.0.0:2000 allows any pod in the namespace.
           - --metrics
-          - 0.0.0.0:2000
+          - 0.0.0.0:{{ .Values.metrics.port }}
           - run
         envFrom:
         - secretRef:
@@ -43,7 +46,10 @@ spec:
             # Cloudflared has a /ready endpoint which returns 200 if and only if
             # it has an active connection to the edge.
             path: /ready
-            port: 2000
+            port: {{ .Values.metrics.port }}
           failureThreshold: 1
           initialDelaySeconds: 10
           periodSeconds: 10
+        ports:
+        - containerPort: {{ .Values.metrics.port }}
+          name: http-metrics

charts/cloudflare-tunnel-remote/templates/podmonitor.yaml

@@ -0,0 +1,33 @@
+{{- if .Values.metrics.podMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+  name: {{ include "cloudflare-tunnel-remote.fullname" . }}
+  {{- with .Values.metrics.podMonitor.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "cloudflare-tunnel-remote.labels" . | nindent 4 }}
+  {{- with .Values.metrics.podMonitor.labels }}
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  jobLabel: {{ default "app.kubernetes.io/name" .Values.metrics.podMonitor.jobLabel }}
+  namespaceSelector:
+    matchNames:
+      - {{ .Release.Namespace }}
+  selector:
+    matchLabels:
+      {{- include "cloudflare-tunnel-remote.selectorLabels" . | nindent 6 }}
+  {{- with .Values.metrics.podMonitor.podTargetLabels }}
+  podTargetLabels:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  podMetricsEndpoints:
+    - port: http-metrics
+      path: /metrics
+    {{- with .Values.metrics.podMonitor.endpointConfig }}
+      {{- toYaml . | nindent 6 }}
+    {{- end }}
+{{- end }}

charts/cloudflare-tunnel-remote/values.yaml

@@ -24,6 +24,8 @@ serviceAccount:
   name: ""
 
 podAnnotations: {}
+podLabels:
+  pod: cloudflared
 
 # Security items common to everything in the pod.  Here we require that it
 # does not run as the user defined in the image, literally named "nonroot".
@@ -57,3 +59,19 @@ tolerations: []
 
 # Default affinity is to spread out over nodes; use this to override.
 affinity: {}
+
+metrics:
+  # The port on which to expose the metrics and ready endpoints
+  port: 2000
+  podMonitor:
+    enabled: false
+    # The label to use to retrieve the job name from. Defaults to label app.kubernetes.io/name
+    jobLabel: ""
+    # Transfers labels on the Kubernetes Pod onto the target
+    podTargetLabels: []
+    # Additional metrics endpoints configuration for the PodMonitor
+    endpointConfig: {}
+    # Additional annotations for the PodMonitor
+    annotations: {}
+    # Additional labels for the PodMonitor
+    labels: {}

charts/cloudflare-tunnel/Chart.yaml

@@ -10,7 +10,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.3.0
+version: 0.4.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

charts/cloudflare-tunnel/templates/configmap.yaml

@@ -13,7 +13,7 @@ data:
     warp-routing:
       enabled: {{ .Values.cloudflare.enableWarp }}
     # Serves the metrics server under /metrics and the readiness server under /ready
-    metrics: 0.0.0.0:2000
+    metrics: 0.0.0.0:{{ .Values.metrics.port }}
     # Autoupdates applied in a k8s pod will be lost when the pod is removed or restarted, so
     # autoupdate doesn't make sense in Kubernetes. However, outside of Kubernetes, we strongly
     # recommend using autoupdate.

charts/cloudflare-tunnel/templates/deployment.yaml

@@ -48,10 +48,13 @@ spec:
               # Cloudflared has a /ready endpoint which returns 200 if and only if
               # it has an active connection to the edge.
               path: /ready
-              port: 2000
+              port: {{ .Values.metrics.port }}
             failureThreshold: 1
             initialDelaySeconds: 10
             periodSeconds: 10
+          ports:
+          - containerPort: {{ .Values.metrics.port }}
+            name: http-metrics
           volumeMounts:
             - name: config
               mountPath: /etc/cloudflared/config

charts/cloudflare-tunnel/templates/podmonitor.yaml

@@ -0,0 +1,33 @@
+{{- if .Values.metrics.podMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+  name: {{ include "cloudflare-tunnel.fullname" . }}
+  {{- with .Values.metrics.podMonitor.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "cloudflare-tunnel.labels" . | nindent 4 }}
+  {{- with .Values.metrics.podMonitor.labels }}
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  jobLabel: {{ default "app.kubernetes.io/name" .Values.metrics.podMonitor.jobLabel }}
+  namespaceSelector:
+    matchNames:
+      - {{ .Release.Namespace }}
+  selector:
+    matchLabels:
+      {{- include "cloudflare-tunnel.selectorLabels" . | nindent 6 }}
+  {{- with .Values.metrics.podMonitor.podTargetLabels }}
+  podTargetLabels:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  podMetricsEndpoints:
+    - port: http-metrics
+      path: /metrics
+    {{- with .Values.metrics.podMonitor.endpointConfig }}
+      {{- toYaml . | nindent 6 }}
+    {{- end }}
+{{- end }}

charts/cloudflare-tunnel/values.yaml

@@ -79,3 +79,19 @@ tolerations: []
 
 # Default affinity is to spread out over nodes; use this to override.
 affinity: {}
+
+metrics:
+  # The port on which to expose the metrics and ready endpoints
+  port: 2000
+  podMonitor:
+    enabled: false
+    # The label to use to retrieve the job name from. Defaults to label app.kubernetes.io/name
+    jobLabel: ""
+    # Transfers labels on the Kubernetes Pod onto the target
+    podTargetLabels: []
+    # Additional metrics endpoints configuration for the PodMonitor
+    endpointConfig: {}
+    # Additional annotations for the PodMonitor
+    annotations: {}
+    # Additional labels for the PodMonitor
+    labels: {}