func MonitoringPodTemplate()

in oracle/controllers/resources.go [212:297]


// MonitoringPodTemplate returns the PodTemplateSpec for the "monitor"
// container that collects metrics from the database behind inst.
//
// The container is pointed at oracle://<service>:<SecureListenerPort>/<db>,
// where <db> is inst.Spec.CDBName, followed by "." and the DB domain when
// GetDBDomain returns a non-empty value. Database credentials are not put in
// environment values: the env vars carry only file paths under /mon-creds/,
// and those files come from a Secret volume named by monitoringSecret.Name.
//
// inst and monitoringSecret are dereferenced without nil checks, so callers
// must pass non-nil values. A missing "monitoring" key in images yields an
// empty image reference.
func MonitoringPodTemplate(inst *v1alpha1.Instance, monitoringSecret *corev1.Secret, images map[string]string) corev1.PodTemplateSpec {
	// Shared by the volume definition and its mount; the two must match.
	const credsVolume = "mon-creds"

	listenerHost := fmt.Sprintf(SvcName, inst.Name)
	dbName := inst.Spec.CDBName
	if domain := GetDBDomain(inst); domain != "" {
		dbName = strings.Join([]string{dbName, domain}, ".")
	}

	// The API takes a *bool, so the value needs an addressable local.
	allowEscalation := false

	monitor := corev1.Container{
		Name:  "monitor",
		Image: images["monitoring"], // TODO: Use constant
		Env: []corev1.EnvVar{
			{
				Name:  "DATA_SOURCE_URI",
				Value: fmt.Sprintf("oracle://%s:%d/%s", listenerHost, consts.SecureListenerPort, dbName),
			},
			// Only the paths are exposed through the environment; the
			// username and password themselves stay in the mounted files.
			{Name: "DATA_SOURCE_USER_FILE", Value: "/mon-creds/username"},
			{Name: "DATA_SOURCE_PASS_FILE", Value: "/mon-creds/password"},
		},
		// TODO: Standardize metrics port.
		Ports: []corev1.ContainerPort{
			{ContainerPort: 9187, Protocol: corev1.ProtocolTCP},
		},
		// NOTE(review): hardening here is limited to blocking privilege
		// escalation and dropping NET_RAW. RunAsNonRoot,
		// ReadOnlyRootFilesystem and a seccomp profile are not set in this
		// function; confirm whether the image or cluster policy covers them.
		SecurityContext: &corev1.SecurityContext{
			AllowPrivilegeEscalation: &allowEscalation,
			Capabilities:             &corev1.Capabilities{Drop: []corev1.Capability{"NET_RAW"}},
		},
		ImagePullPolicy: corev1.PullAlways,
		VolumeMounts: []corev1.VolumeMount{
			{MountPath: "/mon-creds/", Name: credsVolume},
		},
	}

	// Required (hard) pod affinity: the monitoring pod is scheduled only onto
	// the node that already runs the paired DB pod, selected by instance name
	// and task type within inst's namespace. This avoids unnecessary
	// cross-node communication.
	colocateWithDB := corev1.PodAffinityTerm{
		LabelSelector: &metav1.LabelSelector{
			MatchLabels: map[string]string{
				"instance":  inst.Name,
				"task-type": DatabaseTaskType,
			},
		},
		Namespaces:  []string{inst.Namespace},
		TopologyKey: "kubernetes.io/hostname",
	}

	// DefaultMode is left unset on the Secret volume, so the API default file
	// mode applies to the credential files.
	credsSource := corev1.VolumeSource{
		Secret: &corev1.SecretVolumeSource{
			SecretName: monitoringSecret.Name,
		},
	}

	return corev1.PodTemplateSpec{
		ObjectMeta: metav1.ObjectMeta{
			Namespace: inst.Namespace,
			// Inform prometheus/opentel that we report metrics.
			Annotations: map[string]string{
				"prometheus.io/scrape": "true",
			},
		},
		Spec: corev1.PodSpec{
			// Intentionally empty in this function: no pod-level security
			// settings are applied here.
			SecurityContext: &corev1.PodSecurityContext{},
			Containers:      []corev1.Container{monitor},
			Affinity: &corev1.Affinity{
				PodAffinity: &corev1.PodAffinity{
					RequiredDuringSchedulingIgnoredDuringExecution: []corev1.PodAffinityTerm{colocateWithDB},
				},
			},
			Tolerations: inst.Spec.PodSpec.Tolerations,
			Volumes: []corev1.Volume{
				{Name: credsVolume, VolumeSource: credsSource},
			},
		},
	}
}