From 3161da29a409cdf91c9670865fe1507f7e8b611e Mon Sep 17 00:00:00 2001 From: Viktor Barzin Date: Tue, 28 Oct 2025 21:38:40 +0000 Subject: [PATCH] add scrape config for tuya bridge and prohibit access to the metrics path via ingress [ci skip] --- .../kubernetes/monitoring/prometheus_chart_values.tpl | 11 +++++++++++ modules/kubernetes/tuya-bridge/main.tf | 11 ++++++++++- 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/modules/kubernetes/monitoring/prometheus_chart_values.tpl b/modules/kubernetes/monitoring/prometheus_chart_values.tpl index 12cf735d..14e3bca6 100644 --- a/modules/kubernetes/monitoring/prometheus_chart_values.tpl +++ b/modules/kubernetes/monitoring/prometheus_chart_values.tpl @@ -440,3 +440,14 @@ extraScrapeConfigs: | action: replace regex: '(.*)' replacement: 'registry_$${1}' + - job_name: 'automatic-transfer-switch' + static_configs: + - targets: + - "tuya-bridge.tuya-bridge.svc.cluster.local:80" # devvm + metrics_path: '/metrics' + metric_relabel_configs: + - source_labels: [ __name__ ] + target_label: '__name__' + action: replace + regex: '(.*)' + replacement: 'automatic_transfer_switch_$${1}' diff --git a/modules/kubernetes/tuya-bridge/main.tf b/modules/kubernetes/tuya-bridge/main.tf index c3f77c30..b7831ded 100644 --- a/modules/kubernetes/tuya-bridge/main.tf +++ b/modules/kubernetes/tuya-bridge/main.tf @@ -41,7 +41,7 @@ resource "kubernetes_deployment" "tuya-bridge" { } spec { container { - image = "viktorbarzin/tuya_bridge" + image = "viktorbarzin/tuya_bridge:latest" name = "tuya-bridge" port { container_port = 8080 @@ -90,4 +90,13 @@ module "ingress" { namespace = "tuya-bridge" name = "tuya-bridge" tls_secret_name = var.tls_secret_name + + extra_annotations = { + "nginx.ingress.kubernetes.io/server-snippet" : <<-EOF + location /metrics { + deny all; + return 403; + } + EOF + } }