From f4b3115dd384c4552608240aa4fc435828194460 Mon Sep 17 00:00:00 2001
From: Joel Speed <joel.speed@hotmail.co.uk>
Date: Fri, 19 Feb 2021 11:56:20 +0000
Subject: [PATCH] Add complete metrics server configuration

---
 pkg/apis/options/legacy_options.go | 29 +++++++++++++++++++++++------
 1 file changed, 23 insertions(+), 6 deletions(-)

diff --git a/pkg/apis/options/legacy_options.go b/pkg/apis/options/legacy_options.go
index dbeb722c..66205de0 100644
--- a/pkg/apis/options/legacy_options.go
+++ b/pkg/apis/options/legacy_options.go
@@ -416,17 +416,23 @@ func getXAuthRequestAccessTokenHeader() Header {
 }
 
 type LegacyServer struct {
-	MetricsAddress string `flag:"metrics-address" cfg:"metrics_address"`
-	HTTPAddress    string `flag:"http-address" cfg:"http_address"`
-	HTTPSAddress   string `flag:"https-address" cfg:"https_address"`
-	TLSCertFile    string `flag:"tls-cert-file" cfg:"tls_cert_file"`
-	TLSKeyFile     string `flag:"tls-key-file" cfg:"tls_key_file"`
+	MetricsAddress       string `flag:"metrics-address" cfg:"metrics_address"`
+	MetricsSecureAddress string `flag:"metrics-secure-address" cfg:"metrics_address"`
+	MetricsTLSCertFile   string `flag:"metrics-tls-cert-file" cfg:"tls_cert_file"`
+	MetricsTLSKeyFile    string `flag:"metrics-tls-key-file" cfg:"tls_key_file"`
+	HTTPAddress          string `flag:"http-address" cfg:"http_address"`
+	HTTPSAddress         string `flag:"https-address" cfg:"https_address"`
+	TLSCertFile          string `flag:"tls-cert-file" cfg:"tls_cert_file"`
+	TLSKeyFile           string `flag:"tls-key-file" cfg:"tls_key_file"`
 }
 
 func legacyServerFlagset() *pflag.FlagSet {
 	flagSet := pflag.NewFlagSet("server", pflag.ExitOnError)
 
 	flagSet.String("metrics-address", "", "the address /metrics will be served on (e.g. \":9100\")")
+	flagSet.String("metrics-secure-address", "", "the address /metrics will be served on for HTTPS clients (e.g. \":9100\")")
+	flagSet.String("metrics-tls-cert-file", "", "path to certificate file for secure metrics server")
+	flagSet.String("metrics-tls-key-file", "", "path to private key file for secure metrics server")
 	flagSet.String("http-address", "127.0.0.1:4180", "[http://]<addr>:<port> or unix://<path> to listen on for HTTP clients")
 	flagSet.String("https-address", ":443", "<addr>:<port> to listen on for HTTPS clients")
 	flagSet.String("tls-cert-file", "", "path to certificate file")
@@ -458,7 +464,18 @@ func (l LegacyServer) convert() (Server, Server) {
 	}
 
 	metricsServer := Server{
-		BindAddress: l.MetricsAddress,
+		BindAddress:       l.MetricsAddress,
+		SecureBindAddress: l.MetricsSecureAddress,
+	}
+	if l.MetricsTLSKeyFile != "" || l.MetricsTLSCertFile != "" {
+		metricsServer.TLS = &TLS{
+			Key: &SecretSource{
+				FromFile: l.MetricsTLSKeyFile,
+			},
+			Cert: &SecretSource{
+				FromFile: l.MetricsTLSCertFile,
+			},
+		}
 	}
 
 	return appServer, metricsServer