NETOBSERV-1532: add TLS support to ebpf agent metrics config

Signed-off-by: Mohamed Mahmoud <mmahmoud@redhat.com>
netobserv · Mar 25, 2024 · dd62867 · dd62867
1 parent c08b28b
commit dd62867
Showing 1 changed file with 33 additions and 4 deletions.
diff --git a/controllers/ebpf/agent_controller.go b/controllers/ebpf/agent_controller.go
@@ -58,6 +58,8 @@ const (
 	envEnableMetrics              = "METRICS_ENABLE"
 	envMetricsPort                = "METRICS_SERVER_PORT"
 	envMetricPrefix               = "METRICS_PREFIX"
+	envMetricsTLSCertPath         = "METRICS_TLS_CERT_PATH"
+	envMetricsTLSKeyPath          = "METRICS_TLS_KEY_PATH"
 	envListSeparator              = ","
 )
 
@@ -195,7 +197,7 @@ func (c *AgentController) desired(ctx context.Context, coll *flowslatest.FlowCol
 	}
 	version := helper.ExtractVersion(c.Image)
 	annotations := make(map[string]string)
-	env, err := c.envConfig(ctx, coll, annotations)
+	env, err := c.envConfig(ctx, coll, annotations, rlog)
 	if err != nil {
 		return nil, err
 	}
@@ -288,8 +290,8 @@ func (c *AgentController) desired(ctx context.Context, coll *flowslatest.FlowCol
 	}, nil
 }
 
-func (c *AgentController) envConfig(ctx context.Context, coll *flowslatest.FlowCollector, annots map[string]string) ([]corev1.EnvVar, error) {
-	config := c.setEnvConfig(coll)
+func (c *AgentController) envConfig(ctx context.Context, coll *flowslatest.FlowCollector, annots map[string]string, rlog logr.Logger) ([]corev1.EnvVar, error) {
+	config := c.setEnvConfig(coll, rlog)
 
 	if helper.UseKafka(&coll.Spec) {
 		config = append(config,
@@ -377,7 +379,8 @@ func (c *AgentController) securityContext(coll *flowslatest.FlowCollector) *core
 	return sc
 }
 
-func (c *AgentController) setEnvConfig(coll *flowslatest.FlowCollector) []corev1.EnvVar {
+// nolint:cyclop
+func (c *AgentController) setEnvConfig(coll *flowslatest.FlowCollector, rlog logr.Logger) []corev1.EnvVar {
 	var config []corev1.EnvVar
 
 	if coll.Spec.Agent.EBPF.CacheActiveTimeout != "" {
@@ -468,6 +471,32 @@ func (c *AgentController) setEnvConfig(coll *flowslatest.FlowCollector) []corev1
 			Name:  envMetricPrefix,
 			Value: "netobserv_agent_",
 		})
+		var promTLS *flowslatest.CertificateReference
+		switch coll.Spec.Agent.EBPF.Metrics.Server.TLS.Type {
+		case flowslatest.ServerTLSProvided:
+			promTLS = coll.Spec.Agent.EBPF.Metrics.Server.TLS.Provided
+			if promTLS == nil {
+				rlog.Info("EBPF agent metric tls configuration set to provided but none is provided")
+			}
+		case flowslatest.ServerTLSAuto:
+			promTLS = &flowslatest.CertificateReference{
+				Type:     "secret",
+				Name:     constants.EBPFAgentMetricsSvcName,
+				CertFile: "tls.crt",
+				CertKey:  "tls.key",
+			}
+		case flowslatest.ServerTLSDisabled:
+			// nothing to do there
+		}
+		if promTLS != nil {
+			config = append(config, corev1.EnvVar{Name: envMetricsTLSKeyPath,
+				Value: promTLS.CertKey,
+			})
+			config = append(config, corev1.EnvVar{
+				Name:  envMetricsTLSCertPath,
+				Value: promTLS.CertFile,
+			})
+		}
 	}
 
 	dedup := dedupeDefault