fix: Add metric port to pods and service

[arsenetar]

Changes

This allows the usage of Prometheus PodMonitors and/or ServiceMonitors to configure scraping of metrics. This is often preferred over the annotations on the pods. This is also more inline with the rest of Knative.

• Add metric port definition to both gateway pods and controller pods.
• Add metric port to controller service

NOTE: Did not add metric port to gateway services as those often are exposed and exposing the metrics via those services is probably not desired in most cases.

/kind enhancement

Release Note

Metrics ports for net-kourier-controller and 3scale-kourier-gateway are now exposed and can be used with Service Monitors

Docs

NONE

Additionally ServiceMonitors and PodMonitors should probably be provided somewhere, maybe over in https://github.com/knative-extensions/monitoring with the rest for base Knative?

[knative-prow]

Welcome @arsenetar! It looks like this is your first PR to knative-extensions/net-kourier 🎉

[knative-prow]

Hi @arsenetar. Thanks for your PR.

I'm waiting for a knative-extensions member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[arsenetar]

@ReToCode @skonto Is there any feedback on this?

[ReToCode]

/lgtm
/approve

/hold for @skonto

[knative-prow]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: arsenetar, ReToCode

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [ReToCode]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[ReToCode]

Thanks, I think this makes sense.

Additionally ServiceMonitors and PodMonitors should probably be provided somewhere, maybe over in https://github.com/knative-extensions/monitoring with the rest for base Knative?

I think that's a good idea. Any input @skonto?

[ReToCode]

/ok-to-test

[skonto]

Hi all sorry for the late reply, out of curiosity I would like to take a look at what is exposed. One long standing concern with all metric ports is what info they leak see for example: knative/serving#8959. Downstream we fix that with kube-rbac-proxy at the moment.

[arsenetar]

@skonto I don't disagree with the potential for exposed data. If we don't add the port to the controller service then this has no impact vs existing. For the pods they already have to old annotations for Prometheus, the change to those only allows the pods to be used with the PodMonitors as well which is the more common approach. It doesn't change the potential exposure at the pod level.

[skonto]

/unhold