cloudflare · josephschadlick · Aug 15, 2023 · Aug 16, 2023 · Aug 22, 2023 · Aug 22, 2023
diff --git a/charts/cloudflare-tunnel-remote/Chart.yaml b/charts/cloudflare-tunnel-remote/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
+version: 0.2.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

diff --git a/charts/cloudflare-tunnel-remote/templates/deployment.yaml b/charts/cloudflare-tunnel-remote/templates/deployment.yaml
@@ -8,18 +8,21 @@ spec:
   replicas: {{ .Values.replicaCount }}
   selector:
     matchLabels:
-      pod: cloudflared
+      {{- include "cloudflare-tunnel-remote.selectorLabels" . | nindent 6 }}
   template:
     metadata:
       creationTimestamp: null
       annotations:
         # These are here so the deployment rolls when the config or secret change.
         checksum/secret: {{ .Values.cloudflare.tunnel_token | sha256sum }}
         {{- with .Values.podAnnotations }}
-        {{- toYaml . | nindent 8 }}
+          {{- toYaml . | nindent 8 }}
         {{- end }}
       labels:
-        pod: cloudflared
+        {{- include "cloudflare-tunnel-remote.selectorLabels" . | nindent 8 }}
+      {{- with .Values.podLabels }}
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
     spec:
       serviceAccountName: {{ include "cloudflare-tunnel-remote.fullname" . }}
       containers:
@@ -32,7 +35,7 @@ spec:
           # In a k8s environment, the metrics server needs to listen outside the pod it runs on. 
           # The address 0.0.0.0:2000 allows any pod in the namespace.
           - --metrics
-          - 0.0.0.0:2000
+          - 0.0.0.0:{{ .Values.metrics.port }}
           - run
         envFrom:
         - secretRef:
@@ -43,7 +46,11 @@ spec:
             # Cloudflared has a /ready endpoint which returns 200 if and only if
             # it has an active connection to the edge.
             path: /ready
-            port: 2000
+            port: {{ .Values.metrics.port }}
           failureThreshold: 1
           initialDelaySeconds: 10
           periodSeconds: 10
+        ports:
+        - containerPort: {{ .Values.metrics.port }}
+          name: metrics
+          protocol: TCP
diff --git a/charts/cloudflare-tunnel-remote/templates/service.yaml b/charts/cloudflare-tunnel-remote/templates/service.yaml
@@ -0,0 +1,21 @@
+{{- if .Values.metrics.serviceMonitor.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "cloudflare-tunnel-remote.fullname" . }}
+  {{- with .Values.metrics.service.annotations }}
+  annotations:
+    {{ toYaml . | indent 4 }}
+  {{- end }}
+  labels:
+    {{- include "cloudflare-tunnel-remote.labels" . | nindent 4 }}
+spec:
+  type: ClusterIP
+  ports:
+  - protocol: TCP
+    port: {{ .Values.metrics.port }}
+    name: metrics
+    targetPort: {{ .Values.metrics.port }}
+  selector:
+    {{- include "cloudflare-tunnel-remote.selectorLabels" . | nindent 4 }}
+{{- end }}
diff --git a/charts/cloudflare-tunnel-remote/templates/servicemonitor.yaml b/charts/cloudflare-tunnel-remote/templates/servicemonitor.yaml
@@ -0,0 +1,29 @@
+
+{{- if .Values.metrics.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: {{ include "cloudflare-tunnel-remote.fullname" . }}
+  {{- with .Values.metrics.serviceMonitor.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "cloudflare-tunnel-remote.labels" . | nindent 4 }}
+  {{- with .Values.metrics.serviceMonitor.labels }}
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  namespaceSelector:
+    matchNames:
+      - {{ .Release.Namespace }}
+  selector:
+    matchLabels:
+      {{- include "cloudflare-tunnel-remote.selectorLabels" . | nindent 6 }}
+  endpoints:
+    - port: metrics
+      path: /metrics
+    {{- with .Values.metrics.serviceMonitor.endpointConfig }}
+      {{- toYaml . | nindent 6 }}
+    {{- end }}
+{{- end }}
diff --git a/charts/cloudflare-tunnel-remote/values.yaml b/charts/cloudflare-tunnel-remote/values.yaml
@@ -24,6 +24,8 @@ serviceAccount:
   name: ""
 
 podAnnotations: {}
+podLabels:
+  pod: cloudflared
 
 # Security items common to everything in the pod.  Here we require that it
 # does not run as the user defined in the image, literally named "nonroot".
@@ -57,3 +59,18 @@ tolerations: []
 
 # Default affinity is to spread out over nodes; use this to override.
 affinity: {}
+
+metrics:
+  # The port on which to expose the metrics and ready endpoints
+  port: 2000
+  service:
+    # Additional annotations for the metrics service
+    annotations: {}
+  serviceMonitor:
+    enabled: false
+    # Endpoint configuration for the ServiceMonitor
+    endpointConfig: {}
+    # Additional annotations for the ServiceMonitor
+    annotations: {}
+    # Additional labels for the ServiceMonitor
+    labels: {}
diff --git a/charts/cloudflare-tunnel/Chart.yaml b/charts/cloudflare-tunnel/Chart.yaml
@@ -10,7 +10,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.3.0
+version: 0.4.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

diff --git a/charts/cloudflare-tunnel/templates/configmap.yaml b/charts/cloudflare-tunnel/templates/configmap.yaml
@@ -13,7 +13,7 @@ data:
     warp-routing:
       enabled: {{ .Values.cloudflare.enableWarp }}
     # Serves the metrics server under /metrics and the readiness server under /ready
-    metrics: 0.0.0.0:2000
+    metrics: 0.0.0.0:{{ .Values.metrics.port }}
     # Autoupdates applied in a k8s pod will be lost when the pod is removed or restarted, so
     # autoupdate doesn't make sense in Kubernetes. However, outside of Kubernetes, we strongly
     # recommend using autoupdate.

diff --git a/charts/cloudflare-tunnel/templates/deployment.yaml b/charts/cloudflare-tunnel/templates/deployment.yaml
@@ -48,10 +48,14 @@ spec:
               # Cloudflared has a /ready endpoint which returns 200 if and only if
               # it has an active connection to the edge.
               path: /ready
-              port: 2000
+              port: {{ .Values.metrics.port }}
             failureThreshold: 1
             initialDelaySeconds: 10
             periodSeconds: 10
+          ports:
+          - containerPort: {{ .Values.metrics.port }}
+            name: metrics
-            name: metrics
+            name: http-metrics
-            name: metrics
+            name: http-metrics
+            protocol: TCP
-            protocol: TCP
-            protocol: TCP
           volumeMounts:
             - name: config
               mountPath: /etc/cloudflared/config

diff --git a/charts/cloudflare-tunnel/templates/service.yaml b/charts/cloudflare-tunnel/templates/service.yaml
@@ -0,0 +1,21 @@
+{{- if .Values.metrics.serviceMonitor.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "cloudflare-tunnel.fullname" . }}
+  {{- with .Values.metrics.service.annotations }}
+  annotations:
+    {{ toYaml . | indent 4 }}
+  {{- end }}
+  labels:
+    {{- include "cloudflare-tunnel.labels" . | nindent 4 }}
+spec:
+  type: ClusterIP
+  ports:
+  - protocol: TCP
+    port: {{ .Values.metrics.port }}
+    name: metrics
+    targetPort: {{ .Values.metrics.port }}
+  selector:
+    {{- include "cloudflare-tunnel.selectorLabels" . | nindent 4 }}
+{{- end }}
diff --git a/charts/cloudflare-tunnel/templates/servicemonitor.yaml b/charts/cloudflare-tunnel/templates/servicemonitor.yaml
@@ -0,0 +1,29 @@
+
+{{- if .Values.metrics.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: {{ include "cloudflare-tunnel.fullname" . }}
+  {{- with .Values.metrics.serviceMonitor.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "cloudflare-tunnel.labels" . | nindent 4 }}
+  {{- with .Values.metrics.serviceMonitor.labels }}
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  namespaceSelector:
+    matchNames:
+      - {{ .Release.Namespace }}
+  selector:
+    matchLabels:
+      {{- include "cloudflare-tunnel.selectorLabels" . | nindent 6 }}
+  endpoints:
+    - port: metrics
+      path: /metrics
+    {{- with .Values.metrics.serviceMonitor.endpointConfig }}
+      {{- toYaml . | nindent 6 }}
+    {{- end }}
+{{- end }}
diff --git a/charts/cloudflare-tunnel/values.yaml b/charts/cloudflare-tunnel/values.yaml
@@ -79,3 +79,18 @@ tolerations: []
 
 # Default affinity is to spread out over nodes; use this to override.
 affinity: {}
+
+metrics:
+  # The port on which to expose the metrics and ready endpoints
+  port: 2000
+  service:
+    # Additional annotations for the metrics service
+    annotations: {}
+  serviceMonitor:
+    enabled: false
+    # Endpoint configuration for the ServiceMonitor
+    endpointConfig: {}
+    # Additional annotations for the ServiceMonitor
+    annotations: {}
+    # Additional labels for the ServiceMonitor
+    labels: {}