[Feature] Add exporter (#730)

2024-12-14 11:57:37 +00:00 · 2021-05-21 18:35:44 +02:00 · 2021-05-21 18:35:44 +02:00 · 44dea2cf09
commit 44dea2cf09
parent 43f7dbca1b
14 changed files with 701 additions and 28 deletions
--- a/exporter.go
+++ b/exporter.go
@ -0,0 +1,123 @@
+//
+// DISCLAIMER
+//
+// Copyright 2021 ArangoDB GmbH, Cologne, Germany
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// Copyright holder is ArangoDB GmbH, Cologne, Germany
+//
+// Author Adam Janikowski
+//
+
+package main
+
+import (
+	"io/ioutil"
+	"os"
+	"os/signal"
+	"syscall"
+	"time"
+
+	"github.com/arangodb/kube-arangodb/pkg/exporter"
+
+	"github.com/rs/zerolog/log"
+	"github.com/spf13/cobra"
+)
+
+var (
+	cmdExporter = &cobra.Command{
+		Use: "exporter",
+		Run: cmdExporterCheck,
+	}
+
+	exporterInput struct {
+		listenAddress string
+
+		endpoint string
+		jwtFile  string
+		timeout  time.Duration
+
+		keyfile string
+	}
+)
+
+func init() {
+	f := cmdExporter.PersistentFlags()
+
+	f.StringVar(&exporterInput.listenAddress, "server.address", ":9101", "Address the exporter will listen on (IP:port)")
+	f.StringVar(&exporterInput.keyfile, "ssl.keyfile", "", "File containing TLS certificate used for the metrics server. Format equal to ArangoDB keyfiles")
+
+	f.StringVar(&exporterInput.endpoint, "arangodb.endpoint", "http://127.0.0.1:8529", "Endpoint used to reach the ArangoDB server")
+	f.StringVar(&exporterInput.jwtFile, "arangodb.jwt-file", "", "File containing the JWT for authentication with ArangoDB server")
+	f.DurationVar(&exporterInput.timeout, "arangodb.timeout", time.Second*15, "Timeout of statistics requests for ArangoDB")
+
+	cmdMain.AddCommand(cmdExporter)
+}
+
+func cmdExporterCheck(cmd *cobra.Command, args []string) {
+	if err := cmdExporterCheckE(); err != nil {
+		log.Error().Err(err).Msgf("Fatal")
+		os.Exit(1)
+	}
+}
+
+func onSigterm(f func()) {
+	sigs := make(chan os.Signal, 1)
+
+	signal.Notify(sigs, syscall.SIGINT, syscall.SIGTERM)
+
+	go func() {
+		defer f()
+		<-sigs
+	}()
+}
+
+func cmdExporterCheckE() error {
+	p, err := exporter.NewPassthru(exporterInput.endpoint, func() (string, error) {
+		if exporterInput.jwtFile == "" {
+			return "", nil
+		}
+
+		data, err := ioutil.ReadFile(exporterInput.jwtFile)
+		if err != nil {
+			return "", err
+		}
+
+		return string(data), nil
+	}, false, 15*time.Second)
+	if err != nil {
+		return err
+	}
+
+	exporter := exporter.NewExporter(exporterInput.listenAddress, "/metrics", p)
+	if exporterInput.keyfile != "" {
+		if e, err := exporter.WithKeyfile(exporterInput.keyfile); err != nil {
+			return err
+		} else {
+			if r, err := e.Start(); err != nil {
+				return err
+			} else {
+				onSigterm(r.Stop)
+				return r.Wait()
+			}
+		}
+	} else {
+		if r, err := exporter.Start(); err != nil {
+			return err
+		} else {
+			onSigterm(r.Stop)
+			return r.Wait()
+		}
+	}
+}
--- a/pkg/deployment/features/metrics.go
+++ b/pkg/deployment/features/metrics.go
@ -0,0 +1,39 @@
+//
+// DISCLAIMER
+//
+// Copyright 2021 ArangoDB GmbH, Cologne, Germany
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// Copyright holder is ArangoDB GmbH, Cologne, Germany
+//
+// Author Adam Janikowski
+//
+
+package features
+
+func init() {
+	registerFeature(metricsExporter)
+}
+
+var metricsExporter = &feature{
+	name:               "metrics-exporter",
+	description:        "Define if internal metrics-exporter should be used",
+	version:            "3.6.0",
+	enterpriseRequired: false,
+	enabledByDefault:   false,
+}
+
+func MetricsExporter() Feature {
+	return metricsExporter
+}
--- a/pkg/deployment/images.go
+++ b/pkg/deployment/images.go
@ -322,7 +322,8 @@ func (i *ImageUpdatePod) GetVolumes() ([]core.Volume, []core.VolumeMount) {
 	return volumes, volumeMounts
 }

-func (i *ImageUpdatePod) GetSidecars(*core.Pod) {
+func (i *ImageUpdatePod) GetSidecars(*core.Pod) error {
+	return nil
 }

 func (i *ImageUpdatePod) GetInitContainers(cachedStatus interfaces.Inspector) ([]core.Container, error) {
--- a/pkg/deployment/resources/exporter.go
+++ b/pkg/deployment/resources/exporter.go
@ -23,6 +23,8 @@ package resources
 import (
 	"path/filepath"

+	"github.com/arangodb/go-driver"
+
 	api "github.com/arangodb/kube-arangodb/pkg/apis/deployment/v1"
 	"github.com/arangodb/kube-arangodb/pkg/util/k8sutil/probes"

@ -59,6 +61,39 @@ func ArangodbExporterContainer(image string, args []string, livenessProbe *probe
 	return c
 }

+func createInternalExporterArgs(spec api.DeploymentSpec, groupSpec api.ServerGroupSpec, version driver.Version) []string {
+	tokenpath := filepath.Join(k8sutil.ExporterJWTVolumeMountDir, constants.SecretKeyToken)
+	options := k8sutil.CreateOptionPairs(64)
+
+	options.Add("--arangodb.jwt-file", tokenpath)
+
+	path := k8sutil.ArangoExporterInternalEndpoint
+	if version.CompareTo("3.8.0") >= 0 {
+		path = k8sutil.ArangoExporterInternalEndpointV2
+	}
+
+	if port := groupSpec.InternalPort; port == nil {
+		scheme := "http"
+		if spec.IsSecure() {
+			scheme = "https"
+		}
+		options.Addf("--arangodb.endpoint", "%s://localhost:%d%s", scheme, k8sutil.ArangoPort, path)
+	} else {
+		options.Addf("--arangodb.endpoint", "http://localhost:%d%s", *port, path)
+	}
+
+	keyPath := filepath.Join(k8sutil.TLSKeyfileVolumeMountDir, constants.SecretTLSKeyfile)
+	if spec.IsSecure() && spec.Metrics.IsTLS() {
+		options.Add("--ssl.keyfile", keyPath)
+	}
+
+	if port := spec.Metrics.GetPort(); port != k8sutil.ArangoExporterPort {
+		options.Addf("--server.address", ":%d", port)
+	}
+
+	return options.Sort().AsArgs()
+}
+
 func createExporterArgs(spec api.DeploymentSpec, groupSpec api.ServerGroupSpec) []string {
 	tokenpath := filepath.Join(k8sutil.ExporterJWTVolumeMountDir, constants.SecretKeyToken)
 	options := k8sutil.CreateOptionPairs(64)
--- a/pkg/deployment/resources/internal_exporter.go
+++ b/pkg/deployment/resources/internal_exporter.go
@ -0,0 +1,68 @@
+//
+// Copyright 2021 ArangoDB GmbH, Cologne, Germany
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// Copyright holder is ArangoDB GmbH, Cologne, Germany
+//
+// Author Adam Janikowski
+//
+
+package resources
+
+import (
+	"os"
+	"path/filepath"
+
+	api "github.com/arangodb/kube-arangodb/pkg/apis/deployment/v1"
+	"github.com/arangodb/kube-arangodb/pkg/util/errors"
+	"github.com/arangodb/kube-arangodb/pkg/util/k8sutil/probes"
+
+	"github.com/arangodb/kube-arangodb/pkg/util/k8sutil"
+	v1 "k8s.io/api/core/v1"
+)
+
+// ArangodbInternalExporterContainer creates metrics container based on internal exporter
+func ArangodbInternalExporterContainer(image string, args []string, livenessProbe *probes.HTTPProbeConfig,
+	resources v1.ResourceRequirements, securityContext *v1.SecurityContext,
+	spec api.DeploymentSpec) (v1.Container, error) {
+
+	binaryPath, err := os.Executable()
+	if err != nil {
+		return v1.Container{}, errors.WithStack(err)
+	}
+	exePath := filepath.Join(k8sutil.LifecycleVolumeMountDir, filepath.Base(binaryPath))
+
+	c := v1.Container{
+		Name:    k8sutil.ExporterContainerName,
+		Image:   image,
+		Command: append([]string{exePath, "exporter"}, args...),
+		Ports: []v1.ContainerPort{
+			{
+				Name:          "exporter",
+				ContainerPort: int32(spec.Metrics.GetPort()),
+				Protocol:      v1.ProtocolTCP,
+			},
+		},
+		Resources:       k8sutil.ExtractPodResourceRequirement(resources),
+		ImagePullPolicy: v1.PullIfNotPresent,
+		SecurityContext: securityContext,
+		VolumeMounts:    []v1.VolumeMount{k8sutil.LifecycleVolumeMount()},
+	}
+
+	if livenessProbe != nil {
+		c.LivenessProbe = livenessProbe.Create()
+	}
+
+	return c, nil
+}
--- a/pkg/deployment/resources/pod_creator.go
+++ b/pkg/deployment/resources/pod_creator.go
@ -652,7 +652,9 @@ func RenderArangoPod(cachedStatus inspectorInterface.Inspector, deployment k8sut

 	p.Spec.Volumes, c.VolumeMounts = podCreator.GetVolumes()
 	p.Spec.Containers = append(p.Spec.Containers, c)
-	podCreator.GetSidecars(&p)
+	if err := podCreator.GetSidecars(&p); err != nil {
+		return nil, err
+	}

 	if err := podCreator.ApplyPodSpec(&p.Spec); err != nil {
 		return nil, err
--- a/pkg/deployment/resources/pod_creator_arangod.go
+++ b/pkg/deployment/resources/pod_creator_arangod.go
@ -27,6 +27,8 @@ import (
 	"math"
 	"os"

+	"github.com/arangodb/kube-arangodb/pkg/deployment/features"
+
 	"github.com/arangodb/kube-arangodb/pkg/util/collection"

 	"github.com/arangodb/kube-arangodb/pkg/util/k8sutil/interfaces"
@ -296,25 +298,33 @@ func (m *MemberArangoDPod) GetServiceAccountName() string {
 	return m.groupSpec.GetServiceAccountName()
 }

-func (m *MemberArangoDPod) GetSidecars(pod *core.Pod) {
-
+func (m *MemberArangoDPod) GetSidecars(pod *core.Pod) error {
 	if m.spec.Metrics.IsEnabled() {
 		var c *core.Container

-		switch m.spec.Metrics.Mode.Get() {
-		case api.MetricsModeExporter:
-			if !m.group.IsExportMetrics() {
-				break
+		if features.MetricsExporter().Enabled() {
+			pod.Labels[k8sutil.LabelKeyArangoExporter] = "yes"
+			if container, err := m.createMetricsExporterSidecarInternalExporter(); err != nil {
+				return err
+			} else {
+				c = container
+			}
+		} else {
+			switch m.spec.Metrics.Mode.Get() {
+			case api.MetricsModeExporter:
+				if !m.group.IsExportMetrics() {
+					break
+				}
+				fallthrough
+			case api.MetricsModeSidecar:
+				c = m.createMetricsExporterSidecarExternalExporter()
+
+				pod.Labels[k8sutil.LabelKeyArangoExporter] = "yes"
+			default:
+				pod.Labels[k8sutil.LabelKeyArangoExporter] = "yes"
 			}
-			fallthrough
-		case api.MetricsModeSidecar:
-			c = m.createMetricsExporterSidecar()

-			pod.Labels[k8sutil.LabelKeyArangoExporter] = "yes"
-		default:
-			pod.Labels[k8sutil.LabelKeyArangoExporter] = "yes"
 		}
-
 		if c != nil {
 			pod.Spec.Containers = append(pod.Spec.Containers, *c)
 		}
@ -325,6 +335,8 @@ func (m *MemberArangoDPod) GetSidecars(pod *core.Pod) {
 	if len(sidecars) > 0 {
 		pod.Spec.Containers = append(pod.Spec.Containers, sidecars...)
 	}
+
+	return nil
 }

 func (m *MemberArangoDPod) GetVolumes() ([]core.Volume, []core.VolumeMount) {
@ -352,18 +364,26 @@ func (m *MemberArangoDPod) GetVolumes() ([]core.Volume, []core.VolumeMount) {
 	volumes.Append(pod.Encryption(), m.AsInput())

 	if m.spec.Metrics.IsEnabled() {
-		switch m.spec.Metrics.Mode.Get() {
-		case api.MetricsModeExporter:
-			if !m.group.IsExportMetrics() {
-				break
-			}
-			fallthrough
-		case api.MetricsModeSidecar:
+		if features.MetricsExporter().Enabled() {
 			token := m.spec.Metrics.GetJWTTokenSecretName()
 			if token != "" {
 				vol := k8sutil.CreateVolumeWithSecret(k8sutil.ExporterJWTVolumeName, token)
 				volumes.AddVolume(vol)
 			}
+		} else {
+			switch m.spec.Metrics.Mode.Get() {
+			case api.MetricsModeExporter:
+				if !m.group.IsExportMetrics() {
+					break
+				}
+				fallthrough
+			case api.MetricsModeSidecar:
+				token := m.spec.Metrics.GetJWTTokenSecretName()
+				if token != "" {
+					vol := k8sutil.CreateVolumeWithSecret(k8sutil.ExporterJWTVolumeName, token)
+					volumes.AddVolume(vol)
+				}
+			}
 		}
 	}

@ -494,7 +514,31 @@ func (m *MemberArangoDPod) GetContainerCreator() interfaces.ContainerCreator {
 	}
 }

-func (m *MemberArangoDPod) createMetricsExporterSidecar() *core.Container {
+func (m *MemberArangoDPod) createMetricsExporterSidecarInternalExporter() (*core.Container, error) {
+	image := m.GetContainerCreator().GetImage()
+
+	args := createInternalExporterArgs(m.spec, m.groupSpec, m.imageInfo.ArangoDBVersion)
+
+	c, err := ArangodbInternalExporterContainer(image, args,
+		createExporterLivenessProbe(m.spec.IsSecure() && m.spec.Metrics.IsTLS()), m.spec.Metrics.Resources,
+		m.groupSpec.SecurityContext.NewSecurityContext(),
+		m.spec)
+	if err != nil {
+		return nil, err
+	}
+
+	if m.spec.Metrics.GetJWTTokenSecretName() != "" {
+		c.VolumeMounts = append(c.VolumeMounts, k8sutil.ExporterJWTVolumeMount())
+	}
+
+	if pod.IsTLSEnabled(m.AsInput()) {
+		c.VolumeMounts = append(c.VolumeMounts, k8sutil.TlsKeyfileVolumeMount())
+	}
+
+	return &c, nil
+}
+
+func (m *MemberArangoDPod) createMetricsExporterSidecarExternalExporter() *core.Container {
 	image := m.context.GetMetricsExporterImage()
 	if m.spec.Metrics.HasImage() {
 		image = m.spec.Metrics.GetImage()
--- a/pkg/deployment/resources/pod_creator_sync.go
+++ b/pkg/deployment/resources/pod_creator_sync.go
@ -213,12 +213,14 @@ func (m *MemberSyncPod) GetServiceAccountName() string {
 	return m.groupSpec.GetServiceAccountName()
 }

-func (m *MemberSyncPod) GetSidecars(pod *core.Pod) {
+func (m *MemberSyncPod) GetSidecars(pod *core.Pod) error {
 	// A sidecar provided by the user
 	sidecars := m.groupSpec.GetSidecars()
 	if len(sidecars) > 0 {
 		pod.Spec.Containers = append(pod.Spec.Containers, sidecars...)
 	}
+
+	return nil
 }

 func (m *MemberSyncPod) GetVolumes() ([]core.Volume, []core.VolumeMount) {
--- a/pkg/deployment/resources/secrets.go
+++ b/pkg/deployment/resources/secrets.go
@ -458,7 +458,7 @@ var (
 	exporterTokenClaims = jg.MapClaims{
 		"iss":           "arangodb",
 		"server_id":     "exporter",
-		"allowed_paths": []interface{}{"/_admin/statistics", "/_admin/statistics-description", k8sutil.ArangoExporterInternalEndpoint},
+		"allowed_paths": []interface{}{"/_admin/statistics", "/_admin/statistics-description", k8sutil.ArangoExporterInternalEndpoint, k8sutil.ArangoExporterInternalEndpointV2},
 	}
 )

--- a/pkg/exporter/exporter.go
+++ b/pkg/exporter/exporter.go
@ -0,0 +1,63 @@
+//
+// DISCLAIMER
+//
+// Copyright 2021 ArangoDB GmbH, Cologne, Germany
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// Copyright holder is ArangoDB GmbH, Cologne, Germany
+//
+// Author Adam Janikowski
+//
+
+package exporter
+
+import (
+	"net/http"
+	"time"
+
+	operatorHTTP "github.com/arangodb/kube-arangodb/pkg/util/http"
+)
+
+type Authentication func() (string, error)
+
+// CreateArangodJwtAuthorizationHeader calculates a JWT authorization header, for authorization
+// of a request to an arangod server, based on the given secret.
+// If the secret is empty, nothing is done.
+func CreateArangodJwtAuthorizationHeader(jwt string) (string, error) {
+	return "bearer " + jwt, nil
+}
+
+func NewExporter(endpoint string, url string, handler http.Handler) operatorHTTP.PlainServer {
+	s := http.NewServeMux()
+
+	s.Handle(url, handler)
+
+	s.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
+		w.Write([]byte(`<html>
+             <head><title>ArangoDB Exporter</title></head>
+             <body>
+             <h1>ArangoDB Exporter</h1>
+             <p><a href='/metrics'>Metrics</a></p>
+             </body>
+             </html>`))
+	})
+
+	return operatorHTTP.NewServer(&http.Server{
+		Addr:              endpoint,
+		ReadTimeout:       time.Second * 30,
+		ReadHeaderTimeout: time.Second * 15,
+		WriteTimeout:      time.Second * 30,
+		Handler:           s,
+	})
+}
--- a/pkg/exporter/passthru.go
+++ b/pkg/exporter/passthru.go
@ -0,0 +1,134 @@
+//
+// DISCLAIMER
+//
+// Copyright 2021 ArangoDB GmbH, Cologne, Germany
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// Copyright holder is ArangoDB GmbH, Cologne, Germany
+//
+// Author Adam Janikowski
+//
+
+package exporter
+
+import (
+	"crypto/tls"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"time"
+
+	"github.com/arangodb/kube-arangodb/pkg/util/errors"
+)
+
+var _ http.Handler = &passthru{}
+
+func NewPassthru(arangodbEndpoint string, auth Authentication, sslVerify bool, timeout time.Duration) (http.Handler, error) {
+	return &passthru{
+		factory: newHttpClientFactory(arangodbEndpoint, auth, sslVerify, timeout),
+	}, nil
+}
+
+type httpClientFactory func() (*http.Client, *http.Request, error)
+
+func newHttpClientFactory(arangodbEndpoint string, auth Authentication, sslVerify bool, timeout time.Duration) httpClientFactory {
+	return func() (*http.Client, *http.Request, error) {
+		transport := &http.Transport{}
+
+		req, err := http.NewRequest("GET", arangodbEndpoint, nil)
+		if err != nil {
+			return nil, nil, errors.WithStack(err)
+		}
+
+		if !sslVerify {
+			transport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
+		}
+
+		jwt, err := auth()
+		if err != nil {
+			return nil, nil, err
+		}
+
+		if jwt != "" {
+			hdr, err := CreateArangodJwtAuthorizationHeader(jwt)
+			if err != nil {
+				return nil, nil, errors.WithStack(err)
+			}
+			req.Header.Add("Authorization", hdr)
+		}
+
+		req.Header.Add("x-arango-allow-dirty-read", "true") // Allow read from follower in AF mode
+
+		client := &http.Client{
+			Transport: transport,
+			Timeout:   timeout,
+		}
+
+		return client, req, nil
+	}
+}
+
+type passthru struct {
+	factory httpClientFactory
+}
+
+func (p passthru) get() (*http.Response, error) {
+	c, req, err := p.factory()
+	if err != nil {
+		return nil, err
+	}
+	return c.Do(req)
+}
+
+func (p passthru) ServeHTTP(resp http.ResponseWriter, req *http.Request) {
+	data, err := p.get()
+
+	if err != nil {
+		// Ignore error
+		resp.WriteHeader(http.StatusInternalServerError)
+		resp.Write([]byte(err.Error()))
+		return
+	}
+
+	if data.Body == nil {
+		// Ignore error
+		resp.WriteHeader(http.StatusInternalServerError)
+		resp.Write([]byte("Body is empty"))
+		return
+	}
+
+	defer data.Body.Close()
+
+	response, err := ioutil.ReadAll(data.Body)
+	if err != nil {
+		// Ignore error
+		resp.WriteHeader(http.StatusInternalServerError)
+		resp.Write([]byte(err.Error()))
+		return
+	}
+
+	responseStr := string(response)
+
+	// Fix Header response
+	responseStr = strings.ReplaceAll(responseStr, "guage", "gauge")
+
+	resp.WriteHeader(data.StatusCode)
+	_, err = resp.Write([]byte(responseStr))
+	if err != nil {
+		// Ignore error
+		resp.WriteHeader(http.StatusInternalServerError)
+		resp.Write([]byte("Unable to write body"))
+		return
+	}
+}
--- a/pkg/util/http/server.go
+++ b/pkg/util/http/server.go
@ -0,0 +1,161 @@
+//
+// DISCLAIMER
+//
+// Copyright 2018 ArangoDB GmbH, Cologne, Germany
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// Copyright holder is ArangoDB GmbH, Cologne, Germany
+//
+// Author Adam Janikowski
+//
+
+package http
+
+import (
+	"crypto/tls"
+	"errors"
+	"net/http"
+	"sync"
+
+	"github.com/arangodb-helper/go-certificates"
+)
+
+func NewServer(server *http.Server) PlainServer {
+	return &plainServer{server: server}
+}
+
+type ServerRunner interface {
+	Stop()
+	Wait() error
+}
+
+type PlainServer interface {
+	Server
+	WithSSL(key, cert string) (Server, error)
+	WithKeyfile(keyfile string) (Server, error)
+}
+
+type Server interface {
+	Start() (ServerRunner, error)
+}
+
+var _ Server = &tlsServer{}
+
+type tlsServer struct {
+	server *http.Server
+}
+
+func (t *tlsServer) Start() (ServerRunner, error) {
+	i := serverRunner{
+		stopCh: make(chan struct{}),
+		doneCh: make(chan struct{}),
+	}
+
+	go i.run(t.server, func(s *http.Server) error {
+		return s.ListenAndServeTLS("", "")
+	})
+
+	return &i, nil
+}
+
+var _ PlainServer = &plainServer{}
+
+type plainServer struct {
+	server *http.Server
+}
+
+func (p *plainServer) WithKeyfile(keyfile string) (Server, error) {
+	certificate, err := certificates.LoadKeyFile(keyfile)
+	if err != nil {
+		return nil, err
+	}
+
+	s := p.server
+	s.TLSConfig = &tls.Config{
+		Certificates: []tls.Certificate{certificate},
+	}
+
+	return &tlsServer{server: s}, nil
+}
+
+func (p *plainServer) Start() (ServerRunner, error) {
+	i := serverRunner{
+		stopCh: make(chan struct{}),
+		doneCh: make(chan struct{}),
+	}
+
+	go i.run(p.server, func(s *http.Server) error {
+		return s.ListenAndServe()
+	})
+
+	return &i, nil
+}
+
+func (p *plainServer) WithSSL(key, cert string) (Server, error) {
+	certificate, err := tls.LoadX509KeyPair(cert, key)
+	if err != nil {
+		return nil, err
+	}
+
+	s := p.server
+	s.TLSConfig = &tls.Config{
+		Certificates: []tls.Certificate{certificate},
+	}
+
+	return &tlsServer{server: s}, nil
+}
+
+var _ ServerRunner = &serverRunner{}
+
+type serverRunner struct {
+	lock sync.Mutex
+
+	stopCh chan struct{}
+	doneCh chan struct{}
+	err    error
+}
+
+func (s *serverRunner) run(server *http.Server, f func(s *http.Server) error) {
+	go func() {
+		defer close(s.doneCh)
+		if err := f(server); err != nil {
+			if !errors.Is(err, http.ErrServerClosed) {
+				s.err = err
+			}
+		}
+	}()
+
+	<-s.stopCh
+
+	server.Close()
+
+	<-s.doneCh
+}
+
+func (s *serverRunner) Stop() {
+	s.lock.Lock()
+	defer s.lock.Unlock()
+	select {
+	case <-s.stopCh:
+		return
+	default:
+		close(s.stopCh)
+	}
+}
+
+func (s *serverRunner) Wait() error {
+	<-s.doneCh
+
+	return s.err
+}
--- a/pkg/util/k8sutil/constants.go
+++ b/pkg/util/k8sutil/constants.go
@ -29,8 +29,9 @@ const (
 	ArangoSyncWorkerPort = 8729
 	ArangoExporterPort   = 9101

-	ArangoExporterInternalEndpoint = "/_admin/metrics"
-	ArangoExporterDefaultEndpoint  = "/metrics"
+	ArangoExporterInternalEndpoint   = "/_admin/metrics"
+	ArangoExporterInternalEndpointV2 = "/_admin/metrics/v2"
+	ArangoExporterDefaultEndpoint    = "/metrics"

 	// K8s constants
 	ClusterIPNone       = "None"
--- a/pkg/util/k8sutil/interfaces/pod_creator.go
+++ b/pkg/util/k8sutil/interfaces/pod_creator.go
@ -42,7 +42,7 @@ type PodCreator interface {
 	GetName() string
 	GetRole() string
 	GetVolumes() ([]core.Volume, []core.VolumeMount)
-	GetSidecars(*core.Pod)
+	GetSidecars(*core.Pod) error
 	GetInitContainers(cachedStatus Inspector) ([]core.Container, error)
 	GetFinalizers() []string
 	GetTolerations() []core.Toleration