diff --git a/cmd/operator/main.go b/cmd/operator/main.go index 84e9ef03c..e95bbe578 100644 --- a/cmd/operator/main.go +++ b/cmd/operator/main.go @@ -47,7 +47,7 @@ var defaultImages = map[string]string{ "ui-logging-pf4": "quay.io/openshift-observability-ui/logging-view-plugin:v6.0.0", "ui-logging": "quay.io/openshift-observability-ui/logging-view-plugin:v6.1.1", "korrel8r": "quay.io/korrel8r/korrel8r:release-coo-1.2", - "health-analyzer": "quay.io/openshiftanalytics/cluster-health-analyzer:v0.5.0", + "health-analyzer": "quay.io/openshiftanalytics/cluster-health-analyzer:v0.5.1", "ui-monitoring-pf5": "quay.io/openshift-observability-ui/monitoring-console-plugin:v0.4.0", "ui-monitoring": "quay.io/openshift-observability-ui/monitoring-console-plugin:v0.5.0", "perses": "quay.io/persesdev/perses:v0.50.3", diff --git a/pkg/controllers/uiplugin/components.go b/pkg/controllers/uiplugin/components.go index 5e698044d..8de6e0b4c 100644 --- a/pkg/controllers/uiplugin/components.go +++ b/pkg/controllers/uiplugin/components.go @@ -117,6 +117,7 @@ func pluginComponentReconcilers(plugin *uiv1alpha1.UIPlugin, pluginInfo UIPlugin components = append(components, reconciler.NewUpdater(newHealthAnalyzerPrometheusRole(namespace), plugin)) components = append(components, reconciler.NewUpdater(newHealthAnalyzerPrometheusRoleBinding(namespace), plugin)) components = append(components, reconciler.NewUpdater(newHealthAnalyzerService(namespace), plugin)) + components = append(components, reconciler.NewUpdater(newHealthAnalyzerServiceMCP(namespace), plugin)) components = append(components, reconciler.NewUpdater(newHealthAnalyzerDeployment(namespace, serviceAccountName, pluginInfo), plugin)) components = append(components, reconciler.NewUpdater(newHealthAnalyzerServiceMonitor(namespace), plugin)) } diff --git a/pkg/controllers/uiplugin/health_analyzer.go b/pkg/controllers/uiplugin/health_analyzer.go index 03aa97e6b..62afabefe 100644 --- a/pkg/controllers/uiplugin/health_analyzer.go +++ b/pkg/controllers/uiplugin/health_analyzer.go @@ -94,6 +94,37 @@ func newHealthAnalyzerService(namespace string) *corev1.Service { return service } +func newHealthAnalyzerServiceMCP(namespace string) *corev1.Service { + service := &corev1.Service{ + TypeMeta: metav1.TypeMeta{ + APIVersion: corev1.SchemeGroupVersion.String(), + Kind: "Service", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: name + "-mcp", + Namespace: namespace, + Annotations: map[string]string{ + "service.beta.openshift.io/serving-cert-secret-name": volumeMountName, + }, + Labels: componentLabels(name), + }, + Spec: corev1.ServiceSpec{ + Ports: []corev1.ServicePort{ + { + Name: "mcp", + Port: 8085, + TargetPort: intstr.FromString("mcp"), + }, + }, + Selector: map[string]string{ + "app.kubernetes.io/instance": name, + }, + }, + } + + return service +} + func newHealthAnalyzerDeployment(namespace string, serviceAccountName string, pluginInfo UIPluginInfo) *appsv1.Deployment { deploy := &appsv1.Deployment{ TypeMeta: metav1.TypeMeta{ @@ -125,6 +156,7 @@ func newHealthAnalyzerDeployment(namespace string, serviceAccountName string, pl Image: pluginInfo.HealthAnalyzerImage, ImagePullPolicy: corev1.PullAlways, Args: []string{ + "serve", "--tls-cert-file=/etc/tls/private/tls.crt", "--tls-private-key-file=/etc/tls/private/tls.key", }, @@ -159,6 +191,37 @@ func newHealthAnalyzerDeployment(namespace string, serviceAccountName string, pl }, }, }, + { + Name: name + "mcp", + Image: pluginInfo.HealthAnalyzerImage, + ImagePullPolicy: corev1.PullAlways, + Args: []string{ + "mcp", + }, + Env: []corev1.EnvVar{ + { + Name: "PROM_URL", + Value: "https://thanos-querier.openshift-monitoring.svc.cluster.local:9091/", + }, + }, + SecurityContext: &corev1.SecurityContext{ + RunAsNonRoot: ptr.To(true), + AllowPrivilegeEscalation: ptr.To(false), + Capabilities: &corev1.Capabilities{ + Drop: []corev1.Capability{"ALL"}, + }, + SeccompProfile: &corev1.SeccompProfile{ + Type: corev1.SeccompProfileTypeRuntimeDefault, + }, + }, + Ports: []corev1.ContainerPort{ + { + ContainerPort: 8085, + Name: "mcp", + }, + }, + TerminationMessagePolicy: corev1.TerminationMessageFallbackToLogsOnError, + }, }, Volumes: []corev1.Volume{ {