@@ -80,22 +80,23 @@ import (
8080)
8181
8282const (
83- spocCmd string = "spoc"
84- jsonFlag string = "json"
85- nodeStatusControllerFlag string = "with-nodestatus-controller"
86- spodControllerFlag string = "with-spod-controller"
87- workloadAnnotatorFlag string = "with-workload-annotator"
88- recordingMergerFlag string = "with-recording-merger"
89- recordingFlag string = "with-recording"
90- seccompFlag string = "with-seccomp"
91- selinuxFlag string = "with-selinux"
92- apparmorFlag string = "with-apparmor"
93- webhookFlag string = "webhook"
94- memOptimFlag string = "with-mem-optim"
95- defaultWebhookPort int = 9443
96- auditLogIntervalSecondsParam string = "audit-log-interval-seconds"
97- auditLogPathParam string = "audit-log-path"
98- auditLogMaxSizeParam string = "audit-log-maxsize"
83+ spocCmd string = "spoc"
84+ jsonFlag string = "json"
85+ nodeStatusControllerFlag string = "with-nodestatus-controller"
86+ spodControllerFlag string = "with-spod-controller"
87+ workloadAnnotatorFlag string = "with-workload-annotator"
88+ recordingMergerFlag string = "with-recording-merger"
89+ recordingFlag string = "with-recording"
90+ seccompFlag string = "with-seccomp"
91+ selinuxFlag string = "with-selinux"
92+ apparmorFlag string = "with-apparmor"
93+ webhookFlag string = "webhook"
94+ memOptimFlag string = "with-mem-optim"
95+ enableAnonymousMetricsAccessFlag string = "enable-anonymous-metrics-access"
96+ defaultWebhookPort int = 9443
97+ auditLogIntervalSecondsParam string = "audit-log-interval-seconds"
98+ auditLogPathParam string = "audit-log-path"
99+ auditLogMaxSizeParam string = "audit-log-maxsize"
99100 // The plural form is not used for audit-log-file-maxbackup to match the k8s api server audit log options.
100101 auditLogMaxBackupParam string = "audit-log-maxbackup"
101102 auditLogMaxAgeParam string = "audit-log-maxage"
@@ -384,6 +385,11 @@ func main() {
384385 Value : config .DefaultProfilingPort ,
385386 EnvVars : []string {config .ProfilingPortEnvKey },
386387 },
388+ & cli.BoolFlag {
389+ Name : enableAnonymousMetricsAccessFlag ,
390+ Usage : "enable anonymous metrics access" ,
391+ EnvVars : []string {config .EnableAnonymousMetricsAccessEnvKey },
392+ },
387393 }
388394
389395 if err := app .Run (os .Args ); err != nil {
@@ -665,20 +671,29 @@ func runDaemon(ctx *cli.Context, info *version.Info) error {
665671 c .NextProtos = []string {"http/1.1" }
666672 }
667673
674+ metricsOptions := metricsserver.Options {
675+ BindAddress : fmt .Sprintf (":%d" , bindata .ContainerPort ),
676+ ExtraHandlers : map [string ]http.Handler {
677+ metrics .HandlerPath : met .Handler (),
678+ },
679+ }
680+
681+ if ctx .Bool (enableAnonymousMetricsAccessFlag ) {
682+ setupLog .Info ("Anonymous metrics access allowed" )
683+
684+ metricsOptions .SecureServing = false
685+ } else {
686+ metricsOptions .SecureServing = true
687+ metricsOptions .CertDir = bindata .MetricsCertPath
688+ metricsOptions .FilterProvider = metricsfilters .WithAuthenticationAndAuthorization
689+ metricsOptions .TLSOpts = []func (* tls.Config ){disableHTTP2 }
690+ }
691+
668692 ctrlOpts := ctrl.Options {
669693 Cache : cache.Options {SyncPeriod : & sync },
670694 HealthProbeBindAddress : fmt .Sprintf (":%d" , config .HealthProbePort ),
671695 NewCache : newMemoryOptimizedCache (ctx ),
672- Metrics : metricsserver.Options {
673- BindAddress : fmt .Sprintf (":%d" , bindata .ContainerPort ),
674- CertDir : bindata .MetricsCertPath ,
675- SecureServing : true ,
676- FilterProvider : metricsfilters .WithAuthenticationAndAuthorization ,
677- ExtraHandlers : map [string ]http.Handler {
678- metrics .HandlerPath : met .Handler (),
679- },
680- TLSOpts : []func (* tls.Config ){disableHTTP2 },
681- },
696+ Metrics : metricsOptions ,
682697 }
683698
684699 setControllerOptionsForNamespaces (& ctrlOpts )
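Review bot: In the new `if ctx.Bool(enableAnonymousMetricsAccessFlag)` branch of runDaemon, `metricsOptions.SecureServing = false` turns off TLS as well as leaving out the authentication/authorization filter, so the flag does more than its name and its usage text ("enable anonymous metrics access") say. The listener is still bound with `fmt.Sprintf(":%d", bindata.ContainerPort)`, which is every interface, and the extra handler at `metrics.HandlerPath` sits in the same options, so with the flag set both are served in plaintext to anything that can reach the port. I would state that where an operator will see it: change the flag in main() to `Usage: "serve metrics over plain HTTP without authentication or authorization",`, change the log line to `setupLog.Info("Metrics served without TLS, authentication or authorization")`, and add a comment above the branch saying the port must then be restricted at the network level. If anonymous access over TLS is the real goal, setting `SecureServing`, `CertDir` and `TLSOpts` in both branches and omitting only `FilterProvider` would be a narrower change; that looks workable from these lines but should be confirmed against the metrics consumers. runDaemon's body starts and ends outside this hunk.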