Configure metrics scraping

manifests/0000_90_cluster-storage-operator_01_prometheusrbac.yaml

@@ -0,0 +1,32 @@
+# Role for accessing metrics exposed by the cluster-storage-operator
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: prometheus
+  namespace: openshift-cluster-storage-operator
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - services
+  - endpoints
+  - pods
+  verbs:
+  - get
+  - list
+  - watch
+---
+# Grant cluster-monitoring access to openshift-cluster-storage-operator metrics
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: prometheus
+  namespace: openshift-cluster-storage-operator
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: prometheus
+subjects:
+- kind: ServiceAccount
+  name: prometheus-k8s
+  namespace: openshift-monitoring

manifests/0000_90_cluster-storage-operator_02_servicemonitor.yaml

@@ -0,0 +1,49 @@
+# Configure cluster-monitoring for cluster-storage-operator
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: cluster-storage-operator
+  namespace: openshift-cluster-storage-operator
+  annotations:
+    include.release.openshift.io/ibm-cloud-managed: "true"
+    include.release.openshift.io/self-managed-high-availability: "true"
+spec:
+  endpoints:
+  - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+    interval: 30s
+    path: /metrics
+    port: https
+    scheme: https
+    tlsConfig:
+      caFile: /etc/prometheus/configmaps/serving-certs-ca-bundle/service-ca.crt
+      serverName: cluster-storage-operator-metrics.openshift-cluster-storage-operator.svc
+  jobLabel: component
+  selector:
+    matchLabels:
+      app: cluster-storage-operator-metrics
+
+---
+
+# Configure cluster-monitoring for vsphere-problem-detector
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: vsphere-problem-detector
+  namespace: openshift-cluster-storage-operator
+  annotations:
+    include.release.openshift.io/ibm-cloud-managed: "true"
+    include.release.openshift.io/self-managed-high-availability: "true"
+spec:
+  endpoints:
+  - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+    interval: 30s
+    path: /metrics
+    port: https
+    scheme: https
+    tlsConfig:
+      caFile: /etc/prometheus/configmaps/serving-certs-ca-bundle/service-ca.crt
+      serverName: vsphere-problem-detector-metrics.openshift-cluster-storage-operator.svc
+  jobLabel: component
+  selector:
+    matchLabels:
+      app: vsphere-problem-detector-metrics

manifests/06_operator_cr.yaml

@@ -9,3 +9,4 @@ metadata:
 spec:
   managementState: Managed
   logLevel: Normal
+  operatorLogLevel: Normal

manifests/09_metrics_service.yaml

@@ -0,0 +1,47 @@
+# Expose operator metrics
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    include.release.openshift.io/ibm-cloud-managed: "true"
+    include.release.openshift.io/self-managed-high-availability: "true"
+    service.alpha.openshift.io/serving-cert-secret-name: cluster-storage-operator-serving-cert
+  labels:
+    app: cluster-storage-operator-metrics
+  name: cluster-storage-operator-metrics
+  namespace: openshift-cluster-storage-operator
+spec:
+  ports:
+  - name: https
+    port: 443
+    protocol: TCP
+    targetPort: 8443
+  selector:
+    name: cluster-storage-operator
+  sessionAffinity: None
+  type: ClusterIP
+
+---
+
+# Expose vsphere-problem-detector metrics
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    include.release.openshift.io/ibm-cloud-managed: "true"
+    include.release.openshift.io/self-managed-high-availability: "true"
+    service.alpha.openshift.io/serving-cert-secret-name: vsphere-problem-detector-serving-cert
+  labels:
+    app: vsphere-problem-detector-metrics
+  name: vsphere-problem-detector-metrics
+  namespace: openshift-cluster-storage-operator
+spec:
+  ports:
+  - name: https
+    port: 443
+    protocol: TCP
+    targetPort: 8444
+  selector:
+    name: cluster-storage-operator
+  sessionAffinity: None
+  type: ClusterIP

manifests/09_deployment.yaml → manifests/10_deployment.yaml

@@ -37,7 +37,7 @@ spec:
           image: quay.io/openshift/origin-cluster-storage-operator:latest
           terminationMessagePolicy: FallbackToLogsOnError
           ports:
-          - containerPort: 60000
+          - containerPort: 8443
             name: metrics
           command:
           - cluster-storage-operator
@@ -86,16 +86,31 @@ spec:
             requests:
               cpu: 10m
               memory: 20Mi
+          volumeMounts:
+            - mountPath: /var/run/secrets/serving-cert
+              name: cluster-storage-operator-serving-cert
         - name: vsphere-problem-detector
           image: quay.io/openshift/origin-vsphere-problem-detector:latest
           args:
           - start
           - --listen=0.0.0.0:8444
           ports:
           - containerPort: 8444
-            name: metrics
+            name: vsphere-metrics
           imagePullPolicy: IfNotPresent
           resources:
             requests:
               cpu: 10m
               memory: 100Mi
+          volumeMounts:
+            - mountPath: /var/run/secrets/serving-cert
+              name: vsphere-problem-detector-serving-cert
+      volumes:
+        - name: cluster-storage-operator-serving-cert
+          secret:
+            secretName: cluster-storage-operator-serving-cert
+            optional: true
+        - name: vsphere-problem-detector-serving-cert
+          secret:
+            secretName: vsphere-problem-detector-serving-cert
+            optional: true