From 6c14b02bab14ac83497296165f6c24e46a6f50c5 Mon Sep 17 00:00:00 2001
From: Anna Simon
Date: Thu, 20 Jul 2023 13:42:55 +0900
Subject: [PATCH] feat(config/server): Add option to deploy a HTTP server for the metrics endpoint
Signed-off-by: Anna Simon
---
 config.go | 2 ++
 config_example.yaml | 2 ++
 main.go | 39 +++++++++++++++++++++++++++++++++++++--
 types/types.go | 12 +++++++-----
 4 files changed, 48 insertions(+), 7 deletions(-)
diff --git a/config.go b/config.go
index de47185ea7..01696811ae 100644
--- a/config.go
+++ b/config.go
@@ -58,6 +58,8 @@ func getConfig() *types.Configuration {
 v.SetDefault("TLSServer.KeyFile", "/etc/certs/server/server.key")
 v.SetDefault("TLSServer.MutualTLS", false)
 v.SetDefault("TLSServer.CaCertFile", "/etc/certs/server/ca.crt")
+ v.SetDefault("TLSServer.MetricsHTTP", false)
+ v.SetDefault("TLSServer.MetricsPort", 2802)
 v.SetDefault("Slack.WebhookURL", "")
 v.SetDefault("Slack.Footer", "https://github.com/falcosecurity/falcosidekick")
diff --git a/config_example.yaml b/config_example.yaml
index ed4e3bfa52..b4f9f54694 100644
--- a/config_example.yaml
+++ b/config_example.yaml
@@ -19,6 +19,8 @@ tlsserver:
 keyfile: "/etc/certs/server/server.key" # server key
 mutualtls: false # if true, mTLS server will be deployed instead of TLS, deploy also has to be true
 cacertfile: "/etc/certs/server/ca.crt" # for client certification if mutualtls is true
+ metricshttp: false # if true, a separate http server will be deployed for the Prometheus metrics endpoint
+ metricsport: 2802 # port to serve metrics http server if deployed (default: 2802)
 slack:
diff --git a/main.go b/main.go
index ccb4b937a9..abde171174 100644
--- a/main.go
+++ b/main.go
@@ -767,8 +767,31 @@ func main() {
 log.Printf("[DEBUG] : running TLS server")
 }
- if err := server.ListenAndServeTLS(config.TLSServer.CertFile, config.TLSServer.KeyFile); err != nil {
- log.Fatalf("[ERROR] : %v", err.Error())
+ if config.TLSServer.MetricsHTTP {
+ if config.Debug {
+ log.Printf("[DEBUG] : running HTTP server for /metrics endpoint")
+ }
+
+ metricsServeMux := http.NewServeMux()
+ metricsServeMux.Handle("/metrics", promhttp.Handler())
+
+ metricsServer := &http.Server{
+ Addr: fmt.Sprintf("%s:%d", config.ListenAddress, 2802),
+ Handler: metricsServeMux,
+ // Timeouts
+ ReadTimeout: 60 * time.Second,
+ ReadHeaderTimeout: 60 * time.Second,
+ WriteTimeout: 60 * time.Second,
+ IdleTimeout: 60 * time.Second,
+ }
+ errs := make(chan error, 1)
+ go serveTLS(server, errs)
+ go serveHTTP(metricsServer, errs)
+ log.Fatal(<-errs)
+ } else {
+ if err := server.ListenAndServeTLS(config.TLSServer.CertFile, config.TLSServer.KeyFile); err != nil {
+ log.Fatalf("[ERROR] : %v", err.Error())
+ }
 }
 } else {
 if config.Debug {
@@ -779,8 +802,20 @@ func main() {
 log.Printf("[WARN] : tlsserver.deploy is false but tlsserver.mutualtls is true, change tlsserver.deploy to true to use mTLS")
 }
+ if config.TLSServer.MetricsHTTP {
+ log.Printf("[WARN] : tlsserver.deploy is false but tlsserver.metricshttp is true, change tlsserver.deploy to true to use TLS")
+ }
+
 if err := server.ListenAndServe(); err != nil {
 log.Fatalf("[ERROR] : %v", err.Error())
 }
 }
 }
+
+func serveTLS(server *http.Server, errs chan<- error) {
+ errs <- server.ListenAndServeTLS(config.TLSServer.CertFile, config.TLSServer.KeyFile)
+}
+
+func serveHTTP(server *http.Server, errs chan<- error) {
+ errs <- server.ListenAndServe()
+}
diff --git a/types/types.go b/types/types.go
index 08011668a3..580156ffb5 100644
--- a/types/types.go
+++ b/types/types.go
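Review bot: The metrics listener's address in this hunk hard-codes the port, `Addr: fmt.Sprintf("%s:%d", config.ListenAddress, 2802),`, so the `TLSServer.MetricsPort` option this same commit adds (defaulted in config.go and documented as `metricsport` in config_example.yaml) is never read and setting it silently has no effect; it should be `Addr: fmt.Sprintf("%s:%d", config.ListenAddress, config.TLSServer.MetricsPort),`. Separately, this server is plain HTTP with no client authentication, so when `tlsserver.mutualtls` is true the `/metrics` endpoint becomes reachable on `config.ListenAddress` without a client certificate, which is a deliberate weakening of the mTLS posture that deserves at least a comment above `metricsServer := &http.Server{` (e.g. `// NOTE: this listener is unauthenticated even under mTLS; restrict it at the network level`) or a warning log when MutualTLS is also set. Whether `/metrics` stays registered on the TLS mux as well is not visible in this hunk. The enclosing `main` starts before and continues after the hunk.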
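Review bot: The new warning's remedy text, `change tlsserver.deploy to true to use TLS`, is copied from the mutualtls line above it and does not describe what happens: the metrics branch only exists in the `TLSServer.Deploy` path, so here `metricshttp` is simply ignored while the main listener is already plain HTTP. I would make the message say that, e.g. `log.Printf("[WARN] : tlsserver.deploy is false but tlsserver.metricshttp is true, the separate metrics http server is only started when tlsserver.deploy is true")`. The two helpers appended at the end of the file also carry no doc comments; `// serveTLS runs server with the configured cert and key and reports its terminal error on errs.` and `// serveHTTP runs server without TLS and reports its terminal error on errs.` would cover them, and noting that `serveTLS` reads the package-level `config` would help a reader who only sees the helper. The enclosing `main` starts outside the hunk.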
@@ -116,11 +116,13 @@ type MutualTLSClient struct {
 // TLSServer represents parameters for TLS Server
 type TLSServer struct {
- Deploy bool
- CertFile string
- KeyFile string
- MutualTLS bool
- CaCertFile string
+ Deploy bool
+ CertFile string
+ KeyFile string
+ MutualTLS bool
+ CaCertFile string
+ MetricsHTTP bool
+ MetricsPort int
 }
 // SlackOutputConfig represents parameters for Slack
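Review bot: The two new fields, `MetricsHTTP bool` and `MetricsPort int`, are undocumented, and nothing in this commit validates `MetricsPort` (config.go only sets a default), so a 0 or out-of-range value would be passed straight into the listen address, where 0 lets the kernel pick an ephemeral port. I would at least state the contract inline: `MetricsHTTP bool // serve Prometheus /metrics on a separate plain-HTTP listener; only honored when Deploy is true` and `MetricsPort int // TCP port for that listener (1-65535, default 2802)`. Range-checking the port belongs in the config loader rather than in this type.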