From 37d8e4bc958bf33f4c00a0df3c1b8d3f7c90fa7a Mon Sep 17 00:00:00 2001
From: Tobi Nehrlich <tobi.nehrlich@amazee.io>
Date: Thu, 18 Apr 2024 15:03:10 +0200
Subject: [PATCH] chore: Use dedicated service for metrics

When the main service is used as a load balancer service to allow public
access through mTLS, the metrics should not be exposed on the same
service.
---
 charts/lagoon-logs-concentrator/Chart.yaml    |  4 ++--
 .../templates/metrics-service.yaml            | 22 +++++++++++++++++++
 .../templates/service.yaml                    |  4 ----
 .../templates/servicemonitor.yaml             |  1 +
 .../templates/statefulset.yaml                |  2 ++
 charts/lagoon-logs-concentrator/values.yaml   |  8 +++++++
 6 files changed, 35 insertions(+), 6 deletions(-)
 create mode 100644 charts/lagoon-logs-concentrator/templates/metrics-service.yaml

diff --git a/charts/lagoon-logs-concentrator/Chart.yaml b/charts/lagoon-logs-concentrator/Chart.yaml
index 5ceac6a4..6476e9fe 100644
--- a/charts/lagoon-logs-concentrator/Chart.yaml
+++ b/charts/lagoon-logs-concentrator/Chart.yaml
@@ -19,7 +19,7 @@ type: application
 # time you make changes to the chart and its templates, including the app
 # version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.47.0
+version: 0.48.0
 
 # This section is used to collect a changelog for artifacthub.io
 # It should be started afresh for each release
@@ -27,4 +27,4 @@ version: 0.47.0
 annotations:
   artifacthub.io/changes: |
     - kind: changed
-      description: update uselagoon/logs-concentrator image to v3.2.0
+      description: use dedicated service for metrics
diff --git a/charts/lagoon-logs-concentrator/templates/metrics-service.yaml b/charts/lagoon-logs-concentrator/templates/metrics-service.yaml
new file mode 100644
index 00000000..8c4c92fb
--- /dev/null
+++ b/charts/lagoon-logs-concentrator/templates/metrics-service.yaml
@@ -0,0 +1,22 @@
+{{- if .Values.metrics.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+{{- with .Values.metrics.service.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+{{- end }}
+  name: {{ include "lagoon-logs-concentrator.fullname" . }}-metrics
+  labels:
+    metrics-only: "true"
+    {{- include "lagoon-logs-concentrator.labels" . | nindent 4 }}
+spec:
+  type: {{ .Values.metrics.service.type }}
+  ports:
+    - port: {{ .Values.metrics.service.port }}
+      targetPort: metrics
+      protocol: TCP
+      name: metrics
+  selector:
+    {{- include "lagoon-logs-concentrator.selectorLabels" . | nindent 4 }}
+{{- end }}
diff --git a/charts/lagoon-logs-concentrator/templates/service.yaml b/charts/lagoon-logs-concentrator/templates/service.yaml
index cdf01c59..ffaaa3cc 100644
--- a/charts/lagoon-logs-concentrator/templates/service.yaml
+++ b/charts/lagoon-logs-concentrator/templates/service.yaml
@@ -15,9 +15,5 @@ spec:
       targetPort: forward
       protocol: TCP
       name: forward
-    - port: 24231
-      targetPort: metrics
-      protocol: TCP
-      name: metrics
   selector:
     {{- include "lagoon-logs-concentrator.selectorLabels" . | nindent 4 }}
diff --git a/charts/lagoon-logs-concentrator/templates/servicemonitor.yaml b/charts/lagoon-logs-concentrator/templates/servicemonitor.yaml
index 2fe51e19..5a07e01b 100644
--- a/charts/lagoon-logs-concentrator/templates/servicemonitor.yaml
+++ b/charts/lagoon-logs-concentrator/templates/servicemonitor.yaml
@@ -17,5 +17,6 @@ spec:
       - {{ .Release.Namespace }}
   selector:
     matchLabels:
+      metrics-only: "true"
       {{- include "lagoon-logs-concentrator.selectorLabels" . | nindent 6 }}
 {{- end }}
diff --git a/charts/lagoon-logs-concentrator/templates/statefulset.yaml b/charts/lagoon-logs-concentrator/templates/statefulset.yaml
index f9784dd3..096f303b 100644
--- a/charts/lagoon-logs-concentrator/templates/statefulset.yaml
+++ b/charts/lagoon-logs-concentrator/templates/statefulset.yaml
@@ -54,9 +54,11 @@ spec:
         - name: forward
           containerPort: 24224
           protocol: TCP
+        {{- if .Values.metrics.enabled }}
         - name: metrics
           containerPort: 24231
           protocol: TCP
+        {{- end }}
         livenessProbe:
           tcpSocket:
             port: forward
diff --git a/charts/lagoon-logs-concentrator/values.yaml b/charts/lagoon-logs-concentrator/values.yaml
index 8757ae40..ad515551 100644
--- a/charts/lagoon-logs-concentrator/values.yaml
+++ b/charts/lagoon-logs-concentrator/values.yaml
@@ -46,6 +46,14 @@ service:
   # Annotations to add to the service
   annotations: {}
 
+metrics:
+  enabled: true
+  service:
+    type: ClusterIP
+    port: 24231
+    # annotations to add to the metrics service
+    annotations: {}
+
 serviceMonitor:
   enabled: true