Merge pull request #26 from appuio/separate-healthz-http

Separate health listen address for easier kube-rbac-proxy protection
appuio · Jun 24, 2024 · bbb57e0 · bbb57e0
2 parents bd9a972 + b7d8f21
commit bbb57e0
Show file tree

Hide file tree

Showing 3 changed files with 56 additions and 8 deletions.
diff --git a/config/default/exporter_auth_proxy_patch.yaml b/config/default/exporter_auth_proxy_patch.yaml
@@ -9,8 +9,15 @@ spec:
     spec:
       containers:
       - name: exporter
+        env:
+        - name: POD_IP
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: status.podIP
         args:
         - "--listen-addr=127.0.0.1:8080"
+        - "--health-listen-addr=$(POD_IP):8081"
       - name: kube-rbac-proxy
         securityContext:
           allowPrivilegeEscalation: false

diff --git a/config/exporter/exporter.yaml b/config/exporter/exporter.yaml
@@ -57,7 +57,7 @@ spec:
         livenessProbe:
           httpGet:
             path: /healthz
-            port: 8080
+            port: 8081
           periodSeconds: 20
           initialDelaySeconds: 15
           timeoutSeconds: 3

diff --git a/main.go b/main.go
@@ -1,10 +1,14 @@
 package main
 
 import (
+	"context"
 	"flag"
 	"fmt"
 	"log"
 	"net/http"
+	"os"
+	"os/signal"
+	"sync"
 
 	alertscollector "github.com/appuio/alerts_exporter/internal/alerts_collector"
 	"github.com/appuio/alerts_exporter/internal/healthcheck"
@@ -15,7 +19,7 @@ import (
 	"github.com/prometheus/client_golang/prometheus/promhttp"
 )
 
-var listenAddr string
+var listenAddr, healthListenAddr string
 
 var host string
 var withInhibited, withSilenced, withUnprocessed, withActive bool
@@ -29,6 +33,7 @@ var k8sBearerTokenAuth bool
 
 func main() {
 	flag.StringVar(&listenAddr, "listen-addr", ":8080", "The addr to listen on")
+	flag.StringVar(&healthListenAddr, "health-listen-addr", ":8081", "The addr to listen on for the health check endpoint.")
 
 	flag.StringVar(&host, "host", "localhost:9093", "The host of the Alertmanager")
 
@@ -98,12 +103,48 @@ func main() {
 		Filters:         filters,
 	})
 
-	// Expose metrics and custom registry via an HTTP server
-	// using the HandleFor function. "/metrics" is the usual endpoint for that.
-	http.Handle("/metrics", promhttp.HandlerFor(reg, promhttp.HandlerOpts{Registry: reg}))
-	http.HandleFunc("/healthz", healthcheck.HealthCheck{GeneralService: ac.General}.HandleHealthz)
-	log.Printf("Listening on `%s`", listenAddr)
-	log.Fatal(http.ListenAndServe(listenAddr, nil))
+	msm := http.NewServeMux()
+	msm.Handle("/metrics", promhttp.HandlerFor(reg, promhttp.HandlerOpts{Registry: reg}))
+
+	hsm := http.NewServeMux()
+	hsm.HandleFunc("/healthz", healthcheck.HealthCheck{GeneralService: ac.General}.HandleHealthz)
+
+	ms := &http.Server{
+		Addr:    listenAddr,
+		Handler: msm,
+	}
+
+	hs := &http.Server{
+		Addr:    healthListenAddr,
+		Handler: hsm,
+	}
+
+	ctx, cancel := signal.NotifyContext(context.Background(), os.Interrupt)
+	go func() {
+		defer cancel()
+		log.Printf("Metrics: Listening on `%s`", listenAddr)
+		log.Println("Metrics:", ms.ListenAndServe())
+	}()
+	go func() {
+		defer cancel()
+		log.Printf("Healthz: Listening on `%s`", healthListenAddr)
+		log.Println("Healthz:", hs.ListenAndServe())
+	}()
+
+	var waitShutdown sync.WaitGroup
+	waitShutdown.Add(2)
+	go func() {
+		defer waitShutdown.Done()
+		<-ctx.Done()
+		ms.Shutdown(context.Background())
+	}()
+	go func() {
+		defer waitShutdown.Done()
+		<-ctx.Done()
+		hs.Shutdown(context.Background())
+	}()
+
+	waitShutdown.Wait()
 }
 
 type stringSliceFlag []string