From 949cd111a2d3fcc9af209e2a487998e409ab0a9f Mon Sep 17 00:00:00 2001 From: Ayoub Mrini Date: Tue, 11 Jul 2023 09:44:12 +0200 Subject: [PATCH] MON-669: Remove etcd ServiceMonitors management code as they'll be now managed by cluster-etcd-operator. See https://github.com/openshift/cluster-etcd-operator/pull/1070 --- .../minimal-service-monitor-etcd.yaml | 32 ---------- .../control-plane/service-monitor-etcd.yaml | 27 -------- assets/prometheus-k8s/prometheus.yaml | 1 - hack/deploy-on-openshift.sh | 1 - hack/generate-etcd-secret.sh | 21 ------- hack/ocp-images.sh | 6 -- jsonnet/components/control-plane.libsonnet | 58 ------------------ jsonnet/components/prometheus.libsonnet | 1 - ...gure-authentication-for-monitors.libsonnet | 2 +- pkg/client/client.go | 12 ++++ pkg/manifests/config.go | 17 ------ pkg/manifests/config_test.go | 17 ------ pkg/manifests/manifests.go | 61 ------------------- pkg/manifests/manifests_test.go | 15 ----- pkg/manifests/types.go | 2 - pkg/operator/operator.go | 26 -------- pkg/tasks/controlplane.go | 50 ++++----------- 17 files changed, 25 insertions(+), 324 deletions(-) delete mode 100644 assets/control-plane/minimal-service-monitor-etcd.yaml delete mode 100644 assets/control-plane/service-monitor-etcd.yaml delete mode 100755 hack/generate-etcd-secret.sh diff --git a/assets/control-plane/minimal-service-monitor-etcd.yaml b/assets/control-plane/minimal-service-monitor-etcd.yaml deleted file mode 100644 index 14d5f24513..0000000000 --- a/assets/control-plane/minimal-service-monitor-etcd.yaml +++ /dev/null @@ -1,32 +0,0 @@ -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - labels: - app.kubernetes.io/managed-by: cluster-monitoring-operator - app.kubernetes.io/name: etcd - app.kubernetes.io/part-of: openshift-monitoring - k8s-app: etcd - monitoring.openshift.io/collection-profile: minimal - name: etcd-minimal - namespace: openshift-monitoring -spec: - endpoints: - - interval: 30s - metricRelabelings: - - action: keep - regex: (etcd_disk_backend_commit_duration_seconds_bucket|etcd_disk_wal_fsync_duration_seconds_bucket|etcd_mvcc_db_total_size_in_bytes|etcd_mvcc_db_total_size_in_use_in_bytes|etcd_network_peer_round_trip_time_seconds_bucket|etcd_network_peer_sent_failures_total|etcd_server_has_leader|etcd_server_is_leader|etcd_server_proposals_failed_total|etcd_server_quota_backend_bytes|grpc_server_handled_total|grpc_server_handling_seconds_bucket|grpc_server_started_total|process_start_time_seconds) - sourceLabels: - - __name__ - port: etcd-metrics - scheme: https - tlsConfig: - caFile: /etc/prometheus/secrets/kube-etcd-client-certs/etcd-client-ca.crt - certFile: /etc/prometheus/secrets/kube-etcd-client-certs/etcd-client.crt - keyFile: /etc/prometheus/secrets/kube-etcd-client-certs/etcd-client.key - jobLabel: k8s-app - namespaceSelector: - matchNames: - - openshift-etcd - selector: - matchLabels: - k8s-app: etcd diff --git a/assets/control-plane/service-monitor-etcd.yaml b/assets/control-plane/service-monitor-etcd.yaml deleted file mode 100644 index 576e674a27..0000000000 --- a/assets/control-plane/service-monitor-etcd.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - labels: - app.kubernetes.io/managed-by: cluster-monitoring-operator - app.kubernetes.io/name: etcd - app.kubernetes.io/part-of: openshift-monitoring - k8s-app: etcd - monitoring.openshift.io/collection-profile: full - name: etcd - namespace: openshift-monitoring -spec: - endpoints: - - interval: 30s - port: etcd-metrics - scheme: https - tlsConfig: - caFile: /etc/prometheus/secrets/kube-etcd-client-certs/etcd-client-ca.crt - certFile: /etc/prometheus/secrets/kube-etcd-client-certs/etcd-client.crt - keyFile: /etc/prometheus/secrets/kube-etcd-client-certs/etcd-client.key - jobLabel: k8s-app - namespaceSelector: - matchNames: - - openshift-etcd - selector: - matchLabels: - k8s-app: etcd diff --git a/assets/prometheus-k8s/prometheus.yaml b/assets/prometheus-k8s/prometheus.yaml index 36c3627319..27d7d0a15d 100644 --- a/assets/prometheus-k8s/prometheus.yaml +++ b/assets/prometheus-k8s/prometheus.yaml @@ -190,7 +190,6 @@ spec: openshift.io/cluster-monitoring: "true" ruleSelector: {} secrets: - - kube-etcd-client-certs - prometheus-k8s-tls - prometheus-k8s-proxy - prometheus-k8s-thanos-sidecar-tls diff --git a/hack/deploy-on-openshift.sh b/hack/deploy-on-openshift.sh index b12f13f42f..2deda3304e 100755 --- a/hack/deploy-on-openshift.sh +++ b/hack/deploy-on-openshift.sh @@ -24,5 +24,4 @@ oc apply -f manifests/01-namespace.yaml oc apply -f manifests/02-role-binding.yaml oc apply -f manifests/02-role.yaml oc apply -f manifests/03-config.yaml -oc apply -f manifests/03-etcd-secret.yaml oc apply -f manifests/04-deployment.yaml diff --git a/hack/generate-etcd-secret.sh b/hack/generate-etcd-secret.sh deleted file mode 100755 index a052cb0c4d..0000000000 --- a/hack/generate-etcd-secret.sh +++ /dev/null @@ -1,21 +0,0 @@ -#!/usr/bin/env bash -set -e -set -x -# only exit with zero if all commands of the pipeline exit successfully -set -o pipefail - -NAMESPACE=openshift-kube-apiserver -APISERVERPODNAME="$(kubectl -n ${NAMESPACE} get pod -lapp=openshift-kube-apiserver -ojsonpath='{.items[0].metadata.name}')" - -cat <<-EOF -apiVersion: v1 -kind: Secret -metadata: - name: kube-etcd-client-certs - namespace: openshift-monitoring -type: Opaque -data: - etcd-client-ca.crt: "$(oc rsh -n ${NAMESPACE} "${APISERVERPODNAME}" cat /etc/kubernetes/static-pod-resources/configmaps/etcd-serving-ca/ca-bundle.crt | base64 --wrap=0)" - etcd-client.crt: "$(oc rsh -n ${NAMESPACE} "${APISERVERPODNAME}" cat /etc/kubernetes/static-pod-resources/secrets/etcd-client/tls.crt | base64 --wrap=0)" - etcd-client.key: "$(oc rsh -n ${NAMESPACE} "${APISERVERPODNAME}" cat /etc/kubernetes/static-pod-resources/secrets/etcd-client/tls.key | base64 --wrap=0)" -EOF diff --git a/hack/ocp-images.sh b/hack/ocp-images.sh index c39bfb7be6..5c100e3ec8 100755 --- a/hack/ocp-images.sh +++ b/hack/ocp-images.sh @@ -64,12 +64,6 @@ data: baseImage: ${INTERNAL_REGISTRY}/ose-kube-state-metrics auth: baseImage: ${INTERNAL_REGISTRY}/oauth-proxy - etcd: - enabled: true - targets: - selector: - openshift.io/component: etcd - openshift.io/control-plane: "true" EOF cat << EOF > manifests/cluster-monitoring-operator.yaml diff --git a/jsonnet/components/control-plane.libsonnet b/jsonnet/components/control-plane.libsonnet index f059ebe7b2..ade64494ba 100644 --- a/jsonnet/components/control-plane.libsonnet +++ b/jsonnet/components/control-plane.libsonnet @@ -10,64 +10,6 @@ function(params) _config+:: cfg.mixin._config, }, - serviceMonitorEtcd: { - apiVersion: 'monitoring.coreos.com/v1', - kind: 'ServiceMonitor', - metadata: { - name: 'etcd', - namespace: cfg.namespace, - labels: { - 'app.kubernetes.io/name': 'etcd', - 'k8s-app': 'etcd', - 'monitoring.openshift.io/collection-profile': 'full', - }, - }, - spec: { - jobLabel: 'k8s-app', - endpoints: [ - { - port: 'etcd-metrics', - interval: '30s', - scheme: 'https', - // Prometheus Operator (and Prometheus) allow us to specify a tlsConfig. This is required as most likely your etcd metrics end points is secure. - tlsConfig: { - caFile: '/etc/prometheus/secrets/kube-etcd-client-certs/etcd-client-ca.crt', - keyFile: '/etc/prometheus/secrets/kube-etcd-client-certs/etcd-client.key', - certFile: '/etc/prometheus/secrets/kube-etcd-client-certs/etcd-client.crt', - }, - }, - ], - selector: { - matchLabels: { - 'k8s-app': 'etcd', - }, - }, - namespaceSelector: { - matchNames: ['openshift-etcd'], - }, - }, - }, - - minimalServiceMonitorEtcd: generateServiceMonitor.minimal( - self.serviceMonitorEtcd, std.join('|', - [ - 'etcd_disk_backend_commit_duration_seconds_bucket', - 'etcd_disk_wal_fsync_duration_seconds_bucket', - 'etcd_mvcc_db_total_size_in_bytes', - 'etcd_mvcc_db_total_size_in_use_in_bytes', - 'etcd_network_peer_round_trip_time_seconds_bucket', - 'etcd_network_peer_sent_failures_total', - 'etcd_server_has_leader', - 'etcd_server_is_leader', - 'etcd_server_proposals_failed_total', - 'etcd_server_quota_backend_bytes', - 'grpc_server_handled_total', - 'grpc_server_handling_seconds_bucket', - 'grpc_server_started_total', - 'process_start_time_seconds', - ]) - ), - // This changes the kubelet's certificates to be validated when // scraping. serviceMonitorKubelet+: { diff --git a/jsonnet/components/prometheus.libsonnet b/jsonnet/components/prometheus.libsonnet index f2553d7ab8..c2f331a022 100644 --- a/jsonnet/components/prometheus.libsonnet +++ b/jsonnet/components/prometheus.libsonnet @@ -328,7 +328,6 @@ function(params) runAsUser: 65534, }, secrets+: [ - 'kube-etcd-client-certs', //TODO(paulfantom): move it to etcd addon 'prometheus-k8s-tls', 'prometheus-k8s-proxy', 'prometheus-k8s-thanos-sidecar-tls', diff --git a/jsonnet/utils/configure-authentication-for-monitors.libsonnet b/jsonnet/utils/configure-authentication-for-monitors.libsonnet index 7ed38f785b..ef1c564c7d 100644 --- a/jsonnet/utils/configure-authentication-for-monitors.libsonnet +++ b/jsonnet/utils/configure-authentication-for-monitors.libsonnet @@ -1,7 +1,7 @@ { configureAuthenticationForMonitors(o): { local configureAuthentication(o) = o { - [if (o.kind == 'ServiceMonitor' && !std.startsWith(o.metadata.name, 'etcd')) || o.kind == 'PodMonitor' then 'spec']+: { + [if o.kind == 'ServiceMonitor' || o.kind == 'PodMonitor' then 'spec']+: { [if o.kind == 'ServiceMonitor' then 'endpoints' else 'podMetricsEndpoints']: [ if std.objectHas(e, 'scheme') && e.scheme == 'https' then e { diff --git a/pkg/client/client.go b/pkg/client/client.go index 39cdcad3ba..50f005033f 100644 --- a/pkg/client/client.go +++ b/pkg/client/client.go @@ -939,6 +939,18 @@ func (c *Client) DeleteSecret(ctx context.Context, s *v1.Secret) error { return err } +// NOTE: this is only used during 4.13->4.14 upgrade, will be removed after. +// TODO: remove this +func (c *Client) DeleteSecretByNamespaceAndName(ctx context.Context, namespace, name string) error { + err := c.kclient.CoreV1().Secrets(namespace).Delete(ctx, name, metav1.DeleteOptions{}) + // if the object does not exist then everything is good here + if err != nil && !apierrors.IsNotFound(err) { + return errors.Wrap(err, "deleting Secret object failed") + } + + return nil +} + // validatePrometheusResource is a helper method for ValidatePrometheus. // NOTE: this function is refactored out of wait.Poll for testing func (c Client) validatePrometheusResource(ctx context.Context, prom types.NamespacedName) (bool, []error) { diff --git a/pkg/manifests/config.go b/pkg/manifests/config.go index 033a21c320..1bb39fa7a2 100644 --- a/pkg/manifests/config.go +++ b/pkg/manifests/config.go @@ -166,19 +166,6 @@ type Audit struct { Profile auditv1.Level `json:"profile"` } -type EtcdConfig struct { - Enabled *bool `json:"-"` -} - -// IsEnabled returns the underlying value of the `Enabled` boolean pointer. -// It defaults to false if the pointer is nil. -func (e *EtcdConfig) IsEnabled() bool { - if e.Enabled == nil { - return false - } - return *e.Enabled -} - func (cfg *TelemeterClientConfig) IsEnabled() bool { if cfg == nil { return false @@ -311,10 +298,6 @@ func (c *Config) applyDefaults() { c.ClusterMonitoringConfiguration.K8sPrometheusAdapter.Audit.Profile = auditv1.LevelMetadata } - if c.ClusterMonitoringConfiguration.EtcdConfig == nil { - c.ClusterMonitoringConfiguration.EtcdConfig = &EtcdConfig{} - } - if c.ClusterMonitoringConfiguration.PrometheusK8sConfig.CollectionProfile == "" { c.ClusterMonitoringConfiguration.PrometheusK8sConfig.CollectionProfile = FullCollectionProfile } diff --git a/pkg/manifests/config_test.go b/pkg/manifests/config_test.go index 90da9d22b2..7c315c2cb0 100644 --- a/pkg/manifests/config_test.go +++ b/pkg/manifests/config_test.go @@ -174,23 +174,6 @@ func TestTelemeterClientConfig(t *testing.T) { } } -func TestEtcdDefaultsToDisabled(t *testing.T) { - c, err := NewConfigFromString("", false) - if err != nil { - t.Fatal(err) - } - if c.ClusterMonitoringConfiguration.EtcdConfig.IsEnabled() { - t.Error("an empty configuration should have etcd disabled") - } - c, err = NewConfigFromString(`{"etcd":{}}`, false) - if err != nil { - t.Fatal(err) - } - if c.ClusterMonitoringConfiguration.EtcdConfig.IsEnabled() { - t.Error("an empty etcd configuration should have etcd disabled") - } -} - func TestPromAdapterDedicatedSMsDefaultsToDisabled(t *testing.T) { c, err := NewConfigFromString("", false) if err != nil { diff --git a/pkg/manifests/manifests.go b/pkg/manifests/manifests.go index ba61beb623..1ca302aa69 100644 --- a/pkg/manifests/manifests.go +++ b/pkg/manifests/manifests.go @@ -288,8 +288,6 @@ var ( ControlPlaneKubeletServiceMonitor = "control-plane/service-monitor-kubelet.yaml" ControlPlaneKubeletMinimalServiceMonitor = "control-plane/minimal-service-monitor-kubelet.yaml" ControlPlaneKubeletServiceMonitorPA = "control-plane/service-monitor-kubelet-resource-metrics.yaml" - ControlPlaneEtcdServiceMonitor = "control-plane/service-monitor-etcd.yaml" - ControlPlaneEtcdMinimalServiceMonitor = "control-plane/minimal-service-monitor-etcd.yaml" MonitoringPlugin = "monitoring-plugin/console-plugin.yaml" MonitoringPluginConfigMap = "monitoring-plugin/config-map.yaml" @@ -1453,17 +1451,6 @@ func (f *Factory) PrometheusK8s(grpcTLS *v1.Secret, trustedCABundleCM *v1.Config } } - if !f.config.ClusterMonitoringConfiguration.EtcdConfig.IsEnabled() { - secrets := []string{} - for _, s := range p.Spec.Secrets { - if s != "kube-etcd-client-certs" { - secrets = append(secrets, s) - } - } - - p.Spec.Secrets = secrets - } - if f.config.Images.Thanos != "" { p.Spec.Thanos.Image = &f.config.Images.Thanos } @@ -2456,54 +2443,6 @@ func (f *Factory) ControlPlanePrometheusRule() (*monv1.PrometheusRule, error) { return r, nil } -func (f *Factory) ControlPlaneEtcdSecret(tlsClient *v1.Secret, ca *v1.ConfigMap) (*v1.Secret, error) { - data := make(map[string]string) - - for k, v := range tlsClient.Data { - data[k] = string(v) - } - - for k, v := range ca.Data { - data[k] = v - } - - r := newErrMapReader(data) - - var ( - clientCA = r.value(TrustedCABundleKey) - clientCert = r.value("tls.crt") - clientKey = r.value("tls.key") - ) - - if r.Error() != nil { - return nil, errors.Wrap(r.err, "couldn't find etcd certificate data") - } - - return &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ - Namespace: f.namespace, - Name: "kube-etcd-client-certs", - }, - StringData: map[string]string{ - "etcd-client-ca.crt": clientCA, - "etcd-client.key": clientKey, - "etcd-client.crt": clientCert, - }, - }, nil -} - -func (f *Factory) ControlPlaneEtcdServiceMonitors() ([]*monv1.ServiceMonitor, error) { - return serviceMonitors(f.config.TechPreview, f.ControlPlaneEtcdServiceMonitor, f.ControlPlaneEtcdMinimalServiceMonitor) -} - -func (f *Factory) ControlPlaneEtcdServiceMonitor() (*monv1.ServiceMonitor, error) { - return f.NewServiceMonitor(f.assets.MustNewAssetReader(ControlPlaneEtcdServiceMonitor)) -} - -func (f *Factory) ControlPlaneEtcdMinimalServiceMonitor() (*monv1.ServiceMonitor, error) { - return f.NewServiceMonitor(f.assets.MustNewAssetReader(ControlPlaneEtcdMinimalServiceMonitor)) -} - func (f *Factory) ControlPlaneKubeletServiceMonitors() ([]*monv1.ServiceMonitor, error) { return serviceMonitors(f.config.TechPreview, f.ControlPlaneKubeletServiceMonitor, f.ControlPlaneKubeletMinimalServiceMonitor) } diff --git a/pkg/manifests/manifests_test.go b/pkg/manifests/manifests_test.go index 84b0ecedac..758235605d 100644 --- a/pkg/manifests/manifests_test.go +++ b/pkg/manifests/manifests_test.go @@ -623,11 +623,6 @@ func TestUnconfiguredManifests(t *testing.T) { t.Fatal(err) } - _, err = f.ControlPlaneEtcdServiceMonitor() - if err != nil { - t.Fatal(err) - } - _, err = f.ControlPlaneKubeletServiceMonitor() if err != nil { t.Fatal(err) @@ -4111,16 +4106,6 @@ func TestNonHighlyAvailableInfrastructureServiceMonitors(t *testing.T) { return pt.Spec.Endpoints, nil }, }, - { - name: "etcd Service Monitor", - getEndpoints: func(f *Factory) ([]monv1.Endpoint, error) { - pt, err := f.ControlPlaneEtcdServiceMonitor() - if err != nil { - return nil, err - } - return pt.Spec.Endpoints, nil - }, - }, { name: "kubelet Service Monitor", getEndpoints: func(f *Factory) ([]monv1.Endpoint, error) { diff --git a/pkg/manifests/types.go b/pkg/manifests/types.go index 0aa71fdd52..3d456bb9c4 100644 --- a/pkg/manifests/types.go +++ b/pkg/manifests/types.go @@ -37,8 +37,6 @@ type ClusterMonitoringConfiguration struct { // `AlertmanagerMainConfig` defines settings for the // Alertmanager component in the `openshift-monitoring` namespace. AlertmanagerMainConfig *AlertmanagerMainConfig `json:"alertmanagerMain,omitempty"` - // OmitFromDoc - EtcdConfig *EtcdConfig `json:"-"` // `UserWorkloadEnabled` is a Boolean flag that enables monitoring for user-defined projects. UserWorkloadEnabled *bool `json:"enableUserWorkload,omitempty"` // OmitFromDoc diff --git a/pkg/operator/operator.go b/pkg/operator/operator.go index b3805918c3..6e51f4c0bf 100644 --- a/pkg/operator/operator.go +++ b/pkg/operator/operator.go @@ -148,7 +148,6 @@ const ( apiAuthenticationConfigMap = "kube-system/extension-apiserver-authentication" kubeletServingCAConfigMap = "openshift-config-managed/kubelet-serving-ca" prometheusAdapterTLSSecret = "openshift-monitoring/prometheus-adapter-tls" - etcdClientCAConfigMap = "openshift-config/etcd-metric-serving-ca" telemeterCABundleConfigMap = "openshift-monitoring/telemeter-trusted-ca-bundle" alertmanagerCABundleConfigMap = "openshift-monitoring/alertmanager-trusted-ca-bundle" grpcTLS = "openshift-monitoring/grpc-tls" @@ -601,7 +600,6 @@ func (o *Operator) handleEvent(obj interface{}) { case apiAuthenticationConfigMap: case kubeletServingCAConfigMap: case prometheusAdapterTLSSecret: - case etcdClientCAConfigMap: case telemeterCABundleConfigMap: case alertmanagerCABundleConfigMap: case grpcTLS: @@ -972,30 +970,6 @@ func (o *Operator) Config(ctx context.Context, key string) (*manifests.Config, e klog.Warningf("Error loading token from API. Proceeding without it: %v", err) } } - - cm, err := o.client.GetConfigmap(ctx, "openshift-config", "etcd-metric-serving-ca") - if err != nil { - klog.Warningf("Error loading etcd CA certificates for Prometheus. Proceeding with etcd disabled. Error: %v", err) - return c, nil - } - - s, err := o.client.GetSecret(ctx, "openshift-config", "etcd-metric-client") - if err != nil { - klog.Warningf("Error loading etcd client secrets for Prometheus. Proceeding with etcd disabled. Error: %v", err) - return c, nil - } - - caContent, caFound := cm.Data["ca-bundle.crt"] - certContent, certFound := s.Data["tls.crt"] - keyContent, keyFound := s.Data["tls.key"] - - if caFound && len(caContent) > 0 && - certFound && len(certContent) > 0 && - keyFound && len(keyContent) > 0 { - trueBool := true - c.ClusterMonitoringConfiguration.EtcdConfig.Enabled = &trueBool - } - return c, nil } diff --git a/pkg/tasks/controlplane.go b/pkg/tasks/controlplane.go index 67caf55113..601f6c2ccb 100644 --- a/pkg/tasks/controlplane.go +++ b/pkg/tasks/controlplane.go @@ -18,7 +18,6 @@ import ( "context" "github.com/pkg/errors" - "k8s.io/apimachinery/pkg/types" "github.com/openshift/cluster-monitoring-operator/pkg/client" "github.com/openshift/cluster-monitoring-operator/pkg/manifests" @@ -77,45 +76,20 @@ func (t *ControlPlaneTask) Run(ctx context.Context) error { } } - sms, err = t.factory.ControlPlaneEtcdServiceMonitors() + // NOTE: This is temporary, to clean these resources that used to be managed by CMO, now + // they are managed by CEO + // TODO: Remove this in 4.15 + err = t.client.DeleteSecretByNamespaceAndName(ctx, t.client.Namespace(), "kube-etcd-client-certs") if err != nil { - return errors.Wrap(err, "initializing control-plane etcd ServiceMonitors failed") + return errors.Wrap(err, "cleaning up the Secret failed") } - - if t.config.ClusterMonitoringConfiguration.EtcdConfig.IsEnabled() { - for _, sm := range sms { - err = t.client.CreateOrUpdateServiceMonitor(ctx, sm) - if err != nil { - return errors.Wrapf(err, "reconciling %s/%s ServiceMonitor failed", sm.Namespace, sm.Name) - } - } - - etcdCA, err := t.client.WaitForConfigMapByNsName(ctx, types.NamespacedName{Namespace: "openshift-config", Name: "etcd-metric-serving-ca"}) - if err != nil { - return errors.Wrap(err, "failed to wait for openshift-config/etcd-metric-serving-ca configmap") - } - - etcdClientSecret, err := t.client.WaitForSecretByNsName(ctx, types.NamespacedName{Namespace: "openshift-config", Name: "etcd-metric-client"}) - if err != nil { - return errors.Wrap(err, "failed to wait for openshift-config/etcd-metric-client secret") - } - - promEtcdSecret, err := t.factory.ControlPlaneEtcdSecret(etcdClientSecret, etcdCA) - if err != nil { - return errors.Wrap(err, "initializing prometheus etcd service monitor secret failed") - } - - err = t.client.CreateOrUpdateSecret(ctx, promEtcdSecret) - if err != nil { - return errors.Wrap(err, "reconciling prometheus etcd service monitor secret") - } - } else { - for _, sm := range sms { - err = t.client.DeleteServiceMonitor(ctx, sm) - if err != nil { - return errors.Wrapf(err, "deleting %s/%s ServiceMonitor failed", sm.Namespace, sm.Name) - } - } + err = t.client.DeleteServiceMonitorByNamespaceAndName(ctx, t.client.Namespace(), "etcd") + if err != nil { + return errors.Wrap(err, "cleaning up the ServiceMonitor failed") + } + err = t.client.DeleteServiceMonitorByNamespaceAndName(ctx, t.client.Namespace(), "etcd-minimal") + if err != nil { + return errors.Wrap(err, "cleaning up the ServiceMonitor failed") } return nil