feat(service-monitor): support bearer token authentication on metrics endpoint (#719)

### Benefits

Can protect metrics endpoint with `Bearer` token authentication provided by gitea.
see PR #637 for previous discussion.

### Possible drawbacks

No possible drawbacks

### Applicable issues

- fixes #635

### Additional information

```
gitea:
  metrics:
    enabled: true
    token: "somepassword"
    serviceMonitor:
      enabled: true
```

Using above configuration is sufficient to secure /metrics endpoint with bearer token and corresponding ServiceMonitor.

### Checklist

- [x] Parameters are documented in the `values.yaml` and added to the `README.md` using [readme-generator-for-helm](https://github.com/bitnami-labs/readme-generator-for-helm)
- [ ] ~~Breaking changes are documented in the `README.md`~~ Not applicable
- [x] Templating unittests are added

Signed-off-by: Hitesh Nayak <hiteshnayak305@gmail.com>
Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/719
Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.com>
Co-authored-by: Hitesh Nayak <hiteshnayak305@gmail.com>
Co-committed-by: Hitesh Nayak <hiteshnayak305@gmail.com>
This commit is contained in:
Hitesh Nayak
2024-11-30 13:59:29 +00:00
committed by justusbunsi
parent 3bacaaad84
commit 389a8460e4
10 changed files with 253 additions and 0 deletions

View File

@ -461,6 +461,7 @@ gitea:
passwordMode: keepUpdated
## @param gitea.metrics.enabled Enable Gitea metrics
## @param gitea.metrics.token used for `bearer` token authentication on metrics endpoint. If not specified or empty metrics endpoint is public.
## @param gitea.metrics.serviceMonitor.enabled Enable Gitea metrics service monitor. Requires, that `gitea.metrics.enabled` is also set to true, to enable metrics generally.
## @param gitea.metrics.serviceMonitor.interval Interval at which metrics should be scraped. If not specified Prometheus' global scrape interval is used.
## @param gitea.metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping.
@ -469,6 +470,7 @@ gitea:
## @param gitea.metrics.serviceMonitor.tlsConfig TLS configuration to use when scraping the metric endpoint by Prometheus.
metrics:
enabled: false
token:
serviceMonitor:
enabled: false
# additionalLabels: