Peter Kurfer
647f602c79
- added Core CRD to manage DB migrations & configuration, PostgREST and GoTrue (auth) - added APIGateway CRD to manage Envoy proxy - added Dashboard CRD to manage (so far) pg-meta and (soon) studio deployments - implemented basic Envoy control plane based on K8s watcher
30 lines
1.4 KiB
YAML
30 lines
1.4 KiB
YAML
# Prometheus Monitor Service (Metrics)
|
|
apiVersion: monitoring.coreos.com/v1
|
|
kind: ServiceMonitor
|
|
metadata:
|
|
labels:
|
|
control-plane: controller-manager
|
|
app.kubernetes.io/name: supabase-operator
|
|
app.kubernetes.io/managed-by: kustomize
|
|
name: controller-manager-metrics-monitor
|
|
namespace: supabase-system
|
|
spec:
|
|
endpoints:
|
|
- path: /metrics
|
|
port: https # Ensure this is the name of the port that exposes HTTPS metrics
|
|
scheme: https
|
|
bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
|
|
tlsConfig:
|
|
# TODO(user): The option insecureSkipVerify: true is not recommended for production since it disables
|
|
# certificate verification. This poses a significant security risk by making the system vulnerable to
|
|
# man-in-the-middle attacks, where an attacker could intercept and manipulate the communication between
|
|
# Prometheus and the monitored services. This could lead to unauthorized access to sensitive metrics data,
|
|
# compromising the integrity and confidentiality of the information.
|
|
# Please use the following options for secure configurations:
|
|
# caFile: /etc/metrics-certs/ca.crt
|
|
# certFile: /etc/metrics-certs/tls.crt
|
|
# keyFile: /etc/metrics-certs/tls.key
|
|
insecureSkipVerify: true
|
|
selector:
|
|
matchLabels:
|
|
control-plane: controller-manager
|