From 7e22db89dd51b484bee9118e6ebda921fff0e15e Mon Sep 17 00:00:00 2001
From: Camila Macedo <7708031+camilamacedo86@users.noreply.github.com>
Date: Tue, 19 Nov 2024 19:00:54 +0000
Subject: [PATCH] add option to enable prometheus with real certs
---
 config/base/prometheus/kustomization.yaml | 9 ++++++++
 .../prometheus/paches/monitor_tls_patch.yaml | 22 +++++++++++++++++++
 2 files changed, 31 insertions(+)
 create mode 100644 config/base/prometheus/paches/monitor_tls_patch.yaml
diff --git a/config/base/prometheus/kustomization.yaml b/config/base/prometheus/kustomization.yaml
index ed137168a..0edad079c 100644
--- a/config/base/prometheus/kustomization.yaml
+++ b/config/base/prometheus/kustomization.yaml
@@ -1,2 +1,11 @@
 resources:
 - monitor.yaml
+
+# [PROMETHEUS WITH CERTMANAGER] The following patch configures the ServiceMonitor in ../prometheus
+# to securely reference certificates created and managed by cert-manager.
+# Additionally, ensure that you uncomment the [METRICS WITH CERTMANAGER] patch under config/default/kustomization.yaml
+# to mount the "metrics-server-cert" secret in the Manager Deployment.
+patches:
+ - path: patches/monitor_tls_patch.yaml
+ target:
+ kind: ServiceMonitor
diff --git a/config/base/prometheus/paches/monitor_tls_patch.yaml b/config/base/prometheus/paches/monitor_tls_patch.yaml
new file mode 100644
index 000000000..13584a303
--- /dev/null
+++ b/config/base/prometheus/paches/monitor_tls_patch.yaml
@@ -0,0 +1,22 @@
+# Patch for Prometheus ServiceMonitor to enable secure TLS configuration
+# using certificates managed by cert-manager
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: controller-manager-metrics-monitor
+ namespace: system
+spec:
+ endpoints:
+ - tlsConfig:
+ insecureSkipVerify: false
+ ca:
+ secret:
+ name: olmv1-ca
+ key: ca.crt
+ cert:
+ secret:
+ name: olmv1-ca
+ key: olm-ca.crt
+ keySecret:
+ name: olmv1-ca
+ key: ca.crt
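Review bot: The `path: patches/monitor_tls_patch.yaml` entry does not match where this commit creates the file, `config/base/prometheus/paches/monitor_tls_patch.yaml`, so the kustomize build will presumably fail to find the patch; rename the directory to `patches/` so the two agree. The added comment tells the reader to mount the "metrics-server-cert" secret, while the patch it enables references `olmv1-ca`, so the two should be reconciled. The `patches:` block is also added active rather than commented out, although the subject and the comment describe it as an option. Because the target is only `kind: ServiceMonitor`, I would add `name: controller-manager-metrics-monitor` under `target:` so the TLS settings cannot land on another ServiceMonitor later added to this base.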
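Review bot: `keySecret` at the end of the new `tlsConfig` selects `ca.crt` from `olmv1-ca`, which by its name is a certificate and not a private key, so the client key Prometheus loads cannot be valid; `cert` likewise points at `olm-ca.crt` in the CA secret and not at a leaf certificate. Sourcing client material from the CA secret is risky in itself: if that secret also holds the CA private key, "fixing" the key name in place would give the scraper the signing key. I would reference the leaf secret that the kustomization comment names, with `key: tls.crt` under `cert` and `key: tls.key` under `keySecret`, assuming it is a standard cert-manager TLS secret. With `insecureSkipVerify: false` and no `serverName`, verification depends on the scrape address matching a SAN on the metrics certificate, which is worth confirming. If kustomize applies this as a merge patch on the custom resource, the single-entry `endpoints` list may replace the existing endpoint wholesale and drop its port, scheme and auth settings; monitor.yaml is not visible here, so please check the rendered output.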