feat: use port 8080 defaultwise for operator metrics

Signed-off-by: Karsten Ludwig Hauser <KHauser@intershop.com>

Author: khauser

config/operator/deployment.yaml

@@ -38,6 +38,8 @@ spec:
           value: ""
         ports:
         - name: metrics
+          containerPort: 8080
+        - name: https
           containerPort: 8443
         - name: probes
           containerPort: 8081

config/operator/metrics_service.yaml

@@ -6,6 +6,10 @@ spec:
   type: ClusterIP
   ports:
   - name: metrics
+    protocol: TCP
+    port: 8080
+    targetPort: 8080
+  - name: https
     protocol: TCP
     port: 8443
     targetPort: 8443

operator/main.go

@@ -63,9 +63,9 @@ func main() {
 	var enableLeaderElection bool
 	var probeAddr string
 	var profilingAddr string
-	flag.StringVar(&metricsAddr, "metrics-bind-address", ":8443", "The address the metric endpoint binds to.")
-	flag.BoolVar(&metricsSecure, "metrics-secure", true, "Enable secure serving for metrics endpoint.")
-	flag.BoolVar(&metricsAuth, "metrics-auth", true, "Enable authentication and authorization for metrics endpoint.")
+	flag.StringVar(&metricsAddr, "metrics-bind-address", ":8080", "The address the metric endpoint binds to.")
+	flag.BoolVar(&metricsSecure, "metrics-secure", false, "Enable secure serving for metrics endpoint.")
+	flag.BoolVar(&metricsAuth, "metrics-auth", false, "Enable authentication and authorization for metrics endpoint.")
 	flag.StringVar(&metricsCertDir, "metrics-cert-dir", "", "The directory that contains the server certificate and key (tls.crt and tls.key) for the metrics endpoint.")
 	flag.StringVar(&probeAddr, "health-probe-bind-address", ":8081", "The address the probe endpoint binds to.")
 	flag.BoolVar(&enableLeaderElection, "leader-elect", false,
@@ -124,6 +124,13 @@ func main() {
 		}
 	}
 
+	// Switch between HTTP (8080) and HTTPS (8443) based on metricsSecure flag
+	if metricsSecure {
+		metricsAddr = ":8443"
+	} else {
+		metricsAddr = ":8080"
+	}
+
 	metricsOpts := server.Options{
 		BindAddress:   metricsAddr,
 		SecureServing: metricsSecure,

tests/checks/operator_metrics/operator_metrics_test.go

@@ -20,7 +20,7 @@ const (
 var (
 	testNamespace          = fmt.Sprintf("%s-ns", testName)
 	clientName             = fmt.Sprintf("%s-client", testName)
-	kedaOperatorMetricsURL = "https://keda-add-ons-http-operator-metrics.keda:8443/metrics"
+	kedaOperatorMetricsURL = "http://keda-add-ons-http-operator-metrics.keda:8080/metrics"
 	operatorPodSelector    = "app.kubernetes.io/instance=operator"
 )
 
@@ -83,8 +83,8 @@ func TestOperatorMetrics(t *testing.T) {
 	t.Log("--- testing operator metrics endpoint ---")
 
 	// Test 1: HTTPS endpoint should be accessible (will fail cert validation but should return metrics)
-	t.Log("Test 1: Verify HTTPS endpoint is available")
-	testHTTPSEndpoint(t)
+	t.Log("Test 1: Verify HTTP endpoint is available")
+	testHTTPEndpoint(t)
 
 	// Test 2: Verify metrics are returned
 	t.Log("Test 2: Verify metrics content")
@@ -94,19 +94,13 @@ func TestOperatorMetrics(t *testing.T) {
 	DeleteKubernetesResources(t, testNamespace, data, templates)
 }
 
-func testHTTPSEndpoint(t *testing.T) {
-	// Use curl with -k to skip certificate validation (self-signed cert)
-	cmd := fmt.Sprintf("curl -k --max-time 10 %s", kedaOperatorMetricsURL)
+func testHTTPEndpoint(t *testing.T) {
+	cmd := fmt.Sprintf("curl --max-time 10 %s", kedaOperatorMetricsURL)
 	out, errOut, err := ExecCommandOnSpecificPod(t, clientName, testNamespace, cmd)
 
-	// We expect this to succeed with a self-signed certificate
-	if err != nil {
-		t.Logf("HTTPS endpoint test - Output: %s, Error output: %s, Error: %v", out, errOut, err)
-	}
-
 	// The endpoint should return something (even if authentication fails, it should respond)
 	assert.True(t, err == nil || strings.Contains(errOut, "Forbidden") || strings.Contains(out, "Forbidden"),
-		"HTTPS endpoint should respond (either with metrics or authentication error)")
+		"HTTP endpoint should respond (either with metrics or authentication error)")
 }
 
 func testMetricsContent(t *testing.T) {
@@ -115,7 +109,7 @@ func testMetricsContent(t *testing.T) {
 	// This allows it to access the metrics endpoint with proper RBAC permissions
 
 	// Get the ServiceAccount token to authenticate
-	cmd := fmt.Sprintf("curl -k -H \"Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)\" --max-time 10 %s", kedaOperatorMetricsURL)
+	cmd := fmt.Sprintf("curl -H \"Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)\" --max-time 10 %s", kedaOperatorMetricsURL)
 	out, errOut, err := ExecCommandOnSpecificPod(t, clientName, testNamespace, cmd)
 
 	if err != nil {