Merge pull request #2 from rheyser/rancher-pushprox-102-0-2

add imagepullsecrets and ability to force https scheme
rancher · Aug 15, 2023 · b80fff9 · b80fff9
2 parents 166fb52 + 8e59d51
commit b80fff9
Show file tree

Hide file tree

Showing 5 changed files with 15 additions and 1 deletion.
diff --git a/charts/rancher-pushprox/102.0.2/README.md b/charts/rancher-pushprox/102.0.2/README.md
@@ -55,6 +55,7 @@ The following tables list the configurable parameters of the rancher-pushprox ch
 | `clients.proxyUrl` | Overrides the default proxyUrl setting of `http://pushprox-{{ .Values.component }}-proxy.{{ . Release.Namespace }}.svc.cluster.local:{{ .Values.proxy.port }}"` with the `proxyUrl` specified | `""` |
 | `clients.useLocalhost` | Sets a flag on each client deployment to redirect scrapes directed to `HOST_IP` to `127.0.0.1` | `false` |
 | `clients.https.enabled` | Enables scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` |
+| `clients.https.forceHTTPSScheme` | Forces scraping metrics via HTTPS using the provided TLS certs that exist on each host | `false` |
 | `clients.https.useServiceAccountCredentials` | If set to true, the client will create a service account with permissions to scrape `/metrics` endpoint of Kubernetes components. The client will use the service account token provided to make authorized scrape requests to the Kubernetes API | `false` |
 | `clients.https.authenticationMethod.bearerTokenFile.enabled` | If set to true, the client will use service account credentials mounted at the configured path `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath`. This requires permissions to scrape `/metrics` endpoint of Kubernetes components. This method is deprecated by the prometheus operator and may be removed in a future release | `false` |
 | `clients.https.authenticationMethod.bearerTokenFile.bearerTokenFilePath` | This is a volume mount on the pod with permissions to scrape `/metrics` endpoint of Kubernetes components | `"/var/run/secrets/kubernetes.io/serviceaccount/token"` |

diff --git a/charts/rancher-pushprox/102.0.2/templates/_helpers.tpl b/charts/rancher-pushprox/102.0.2/templates/_helpers.tpl
@@ -102,6 +102,7 @@ app: {{ template "pushprox.serviceMonitor.name" . }}
 {{- define "pushProxy.serviceMonitor.endpoints" -}}
 {{- $proxyURL := (include "pushProxy.proxyUrl" .) -}}
 {{- $useHTTPS := .Values.clients.https.enabled -}}
+{{- $setHTTPSScheme := .Values.clients.https.forceHTTPSScheme -}}
 {{- $insecureSkipVerify := .Values.clients.https.insecureSkipVerify -}}
 {{- $useServiceAccountCredentials := .Values.clients.https.useServiceAccountCredentials -}}
 {{- $serviceAccountTokenName := (include "pushProxy.client.serviceAccountTokenName" . ) -}}
@@ -130,8 +131,10 @@ app: {{ template "pushprox.serviceMonitor.name" . }}
 {{- if not (empty $metricRelabelings) }}
 {{- $_ := set . "metricRelabelings" ($metricRelabelings)}}
 {{- end }}
-{{- if $useHTTPS -}}
+{{- if $forceHTTPSScheme -}}
 {{- $_ := set . "scheme" "https" }}
+{{- end -}}
+{{- if $useHTTPS -}}
 {{- if (hasKey . "params") }}
 {{- $_ := set (get . "params") "_scheme" (list "https") }}
 {{- else }}

diff --git a/charts/rancher-pushprox/102.0.2/templates/pushprox-clients.yaml b/charts/rancher-pushprox/102.0.2/templates/pushprox-clients.yaml
@@ -35,6 +35,10 @@ spec:
       hostNetwork: true
       dnsPolicy: ClusterFirstWithHostNet
       serviceAccountName: {{ template "pushProxy.client.name" . }}
+      {{- if .Values.global.imagePullSecretName }}
+      imagePullSecrets:
+      - name: {{ .Values.global.imagePullSecretName }}
+      {{- end }}
       containers:
       - name: pushprox-client
         image: {{ template "system_default_registry" . }}{{ .Values.clients.image.repository }}:{{ .Values.clients.image.tag }}

diff --git a/charts/rancher-pushprox/102.0.2/templates/pushprox-proxy.yaml b/charts/rancher-pushprox/102.0.2/templates/pushprox-proxy.yaml
@@ -26,6 +26,10 @@ spec:
 {{ toYaml .Values.proxy.tolerations | indent 8 }}
 {{- end }}
       serviceAccountName: {{ template "pushProxy.proxy.name" . }}
+      {{- if .Values.global.imagePullSecretName }}
+      imagePullSecrets:
+      - name: {{ .Values.global.imagePullSecretName }}
+      {{- end }}
       containers:
       - name: pushprox-proxy
         image: {{ template "system_default_registry" . }}{{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }}

diff --git a/charts/rancher-pushprox/102.0.2/values.yaml b/charts/rancher-pushprox/102.0.2/values.yaml
@@ -75,6 +75,8 @@ clients:
   https:
     # Does the client require https to access the metrics?
     enabled: false
+    # Does the client require requests be sent to http or https?
+    forceHTTPSScheme: false
     # If set to true, the client will create a service account with adequate permissions and set a flag
     # on the client to use the service account token provided by it to make authorized scrape requests
     useServiceAccountCredentials: false