diff --git a/cmd/bridge/main.go b/cmd/bridge/main.go index 848387f561e..d46cd2888ab 100644 --- a/cmd/bridge/main.go +++ b/cmd/bridge/main.go @@ -35,10 +35,6 @@ const ( k8sInClusterCA = "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt" k8sInClusterBearerToken = "/var/run/secrets/kubernetes.io/serviceaccount/token" - // Well-known location of the cluster monitoring (not user workload monitoring) Prometheus service for OpenShift. - // This is only accessible in-cluster. This is used for non-tenant global (alerting) rules requests. - openshiftPrometheusHost = "prometheus-k8s.openshift-monitoring.svc:9091" - // Well-known location of the tenant aware Thanos service for OpenShift exposing the query and query_range endpoints. This is only accessible in-cluster. // Thanos proxies requests to both cluster monitoring and user workload monitoring prometheus instances. openshiftThanosTenancyHost = "thanos-querier.openshift-monitoring.svc:9092" @@ -84,7 +80,6 @@ func main() { fK8sMode := fs.String("k8s-mode", "in-cluster", "in-cluster | off-cluster") fK8sModeOffClusterEndpoint := fs.String("k8s-mode-off-cluster-endpoint", "", "URL of the Kubernetes API server.") fK8sModeOffClusterSkipVerifyTLS := fs.Bool("k8s-mode-off-cluster-skip-verify-tls", false, "DEV ONLY. When true, skip verification of certs presented by k8s API server.") - fK8sModeOffClusterPrometheus := fs.String("k8s-mode-off-cluster-prometheus", "", "DEV ONLY. URL of the cluster's Prometheus server.") fK8sModeOffClusterThanos := fs.String("k8s-mode-off-cluster-thanos", "", "DEV ONLY. URL of the cluster's Thanos server.") fK8sModeOffClusterAlertmanager := fs.String("k8s-mode-off-cluster-alertmanager", "", "DEV ONLY. URL of the cluster's AlertManager server.") fK8sModeOffClusterMetering := fs.String("k8s-mode-off-cluster-metering", "", "DEV ONLY. URL of the cluster's metering server.") @@ -323,11 +318,6 @@ func main() { RootCAs: serviceProxyRootCAs, CipherSuites: crypto.DefaultCiphers(), } - srv.PrometheusProxyConfig = &proxy.Config{ - TLSClientConfig: serviceProxyTLSConfig, - HeaderBlacklist: []string{"Cookie", "X-CSRFToken"}, - Endpoint: &url.URL{Scheme: "https", Host: openshiftPrometheusHost, Path: "/api"}, - } srv.ThanosProxyConfig = &proxy.Config{ TLSClientConfig: serviceProxyTLSConfig, HeaderBlacklist: []string{"Cookie", "X-CSRFToken"}, @@ -368,15 +358,7 @@ func main() { Endpoint: k8sEndpoint, } - if *fK8sModeOffClusterPrometheus != "" { - offClusterPrometheusURL := bridge.ValidateFlagIsURL("k8s-mode-off-cluster-prometheus", *fK8sModeOffClusterPrometheus) - offClusterPrometheusURL.Path = "/api" - srv.PrometheusProxyConfig = &proxy.Config{ - TLSClientConfig: serviceProxyTLSConfig, - HeaderBlacklist: []string{"Cookie", "X-CSRFToken"}, - Endpoint: offClusterPrometheusURL, - } - + if *fK8sModeOffClusterThanos != "" { offClusterThanosURL := bridge.ValidateFlagIsURL("k8s-mode-off-cluster-thanos", *fK8sModeOffClusterThanos) offClusterThanosURL.Path = "/api" srv.ThanosTenancyProxyConfig = &proxy.Config{ diff --git a/contrib/oc-environment.sh b/contrib/oc-environment.sh index 29b94447465..c6bc3d804f4 100644 --- a/contrib/oc-environment.sh +++ b/contrib/oc-environment.sh @@ -29,9 +29,6 @@ export BRIDGE_K8S_MODE_OFF_CLUSTER_SKIP_VERIFY_TLS BRIDGE_K8S_MODE_OFF_CLUSTER_THANOS=$(oc -n openshift-config-managed get configmap monitoring-shared-config -o jsonpath='{.data.thanosPublicURL}') export BRIDGE_K8S_MODE_OFF_CLUSTER_THANOS -BRIDGE_K8S_MODE_OFF_CLUSTER_PROMETHEUS=$(oc -n openshift-config-managed get configmap monitoring-shared-config -o jsonpath='{.data.prometheusPublicURL}') -export BRIDGE_K8S_MODE_OFF_CLUSTER_PROMETHEUS - BRIDGE_K8S_MODE_OFF_CLUSTER_ALERTMANAGER=$(oc -n openshift-config-managed get configmap monitoring-shared-config -o jsonpath='{.data.alertmanagerPublicURL}') export BRIDGE_K8S_MODE_OFF_CLUSTER_ALERTMANAGER diff --git a/examples/run-bridge.sh b/examples/run-bridge.sh index f1ded924393..0e94d442541 100755 --- a/examples/run-bridge.sh +++ b/examples/run-bridge.sh @@ -15,6 +15,5 @@ set -exuo pipefail --user-auth-oidc-client-id=console-oauth-client \ --user-auth-oidc-client-secret-file=examples/console-client-secret \ --user-auth-oidc-ca-file=examples/ca.crt \ - --k8s-mode-off-cluster-prometheus="$(oc -n openshift-config-managed get configmap monitoring-shared-config -o jsonpath='{.data.prometheusPublicURL}')" \ --k8s-mode-off-cluster-alertmanager="$(oc -n openshift-config-managed get configmap monitoring-shared-config -o jsonpath='{.data.alertmanagerPublicURL}')" \ --k8s-mode-off-cluster-thanos="$(oc -n openshift-config-managed get configmap monitoring-shared-config -o jsonpath='{.data.thanosPublicURL}')" diff --git a/pkg/server/server.go b/pkg/server/server.go index 7ecf6fcb8d8..2353831bd83 100644 --- a/pkg/server/server.go +++ b/pkg/server/server.go @@ -104,7 +104,6 @@ type Server struct { DexClient api.DexClient // A client with the correct TLS setup for communicating with the API server. K8sClient *http.Client - PrometheusProxyConfig *proxy.Config ThanosProxyConfig *proxy.Config ThanosTenancyProxyConfig *proxy.Config ThanosTenancyProxyForRulesConfig *proxy.Config @@ -130,7 +129,7 @@ func (s *Server) authDisabled() bool { } func (s *Server) prometheusProxyEnabled() bool { - return s.PrometheusProxyConfig != nil && s.ThanosTenancyProxyConfig != nil && s.ThanosTenancyProxyForRulesConfig != nil + return s.ThanosTenancyProxyConfig != nil && s.ThanosTenancyProxyForRulesConfig != nil } func (s *Server) alertManagerProxyEnabled() bool {