From 227c86532da393bc741db6b89b776f146b3996f0 Mon Sep 17 00:00:00 2001 From: akhil nittala Date: Thu, 13 Nov 2025 14:19:37 +0530 Subject: [PATCH 1/6] fix: openshift-gitops-operator-metrics-monitor ServiceMonitor is attempting to use a bearerTokenFile configuration in its endpoints definition Signed-off-by: akhil nittala --- config/manager/kustomization.yaml | 3 ++- config/prometheus/monitor.yaml | 44 ++++++++++++++++++++++++------- 2 files changed, 36 insertions(+), 11 deletions(-) diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index c7ac940f7..177cd2e2b 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml @@ -12,4 +12,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization images: - name: controller - newName: quay.io/redhat-developer/gitops-operator + newName: quay.io/nittalaakhil/openshift-gitops-operator + newTag: 0.0.41 diff --git a/config/prometheus/monitor.yaml b/config/prometheus/monitor.yaml index 339fe991c..8a951845f 100644 --- a/config/prometheus/monitor.yaml +++ b/config/prometheus/monitor.yaml @@ -1,22 +1,46 @@ - -# Prometheus Monitor Service (Metrics) +--- +apiVersion: v1 +kind: Secret +metadata: + name: metrics-bearer-token + namespace: openshift-gitops-operator + annotations: + kubernetes.io/service-account.name: openshift-gitops-operator-controller-manager +type: kubernetes.io/service-account-token +--- +apiVersion: v1 +kind: ConfigMap +metadata: + annotations: + openshift.io/description: This ConfigMap is used for Prometheus monitoring of the GitOps Operator. + openshift.io/display-name: GitOps Operator Prometheus Monitor ConfigMap + openshift.io/owning-component: service-ca + service.beta.openshift.io/inject-cabundle: "true" + name: metrics-monitor-ca-bundle + namespace: openshift-gitops-operator +--- apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: + name: metrics-monitor + namespace: openshift-gitops-operator labels: control-plane: gitops-operator - name: metrics-monitor - namespace: system spec: + selector: + matchLabels: + control-plane: gitops-operator endpoints: - - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token - path: /metrics + - bearerTokenSecret: + name: openshift-gitops-operator-metrics-bearer-token + key: token interval: 30s + path: /metrics port: metrics scheme: https tlsConfig: - caFile: /etc/prometheus/configmaps/serving-certs-ca-bundle/service-ca.crt + ca: + configMap: + name: openshift-gitops-operator-metrics-monitor-ca-bundle + key: service-ca.crt serverName: openshift-gitops-operator-metrics-service.openshift-gitops-operator.svc - selector: - matchLabels: - control-plane: gitops-operator From 82fc6edf71b2c789011dafb4b7b88491b65d116b Mon Sep 17 00:00:00 2001 From: akhil nittala Date: Sun, 16 Nov 2025 23:21:05 +0530 Subject: [PATCH 2/6] fix: openshift-gitops-operator-metrics-monitor ServiceMonitor is attempting to use a bearerTokenFile configuration in its endpoints definition Signed-off-by: akhil nittala --- config/manager/kustomization.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index 177cd2e2b..c7ac940f7 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml @@ -12,5 +12,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization images: - name: controller - newName: quay.io/nittalaakhil/openshift-gitops-operator - newTag: 0.0.41 + newName: quay.io/redhat-developer/gitops-operator From 9d228450fd3b4eafe04efa3b176edee1110e133e Mon Sep 17 00:00:00 2001 From: akhil nittala Date: Sun, 16 Nov 2025 23:28:26 +0530 Subject: [PATCH 3/6] fix: openshift-gitops-operator-metrics-monitor ServiceMonitor is attempting to use a bearerTokenFile configuration in its endpoints definition Signed-off-by: akhil nittala --- ...nitoring.coreos.com_v1_servicemonitor.yaml | 46 +++++++++++++++---- 1 file changed, 36 insertions(+), 10 deletions(-) diff --git a/bundle/manifests/openshift-gitops-operator-metrics-monitor_monitoring.coreos.com_v1_servicemonitor.yaml b/bundle/manifests/openshift-gitops-operator-metrics-monitor_monitoring.coreos.com_v1_servicemonitor.yaml index 3c04d78a3..60abdd193 100644 --- a/bundle/manifests/openshift-gitops-operator-metrics-monitor_monitoring.coreos.com_v1_servicemonitor.yaml +++ b/bundle/manifests/openshift-gitops-operator-metrics-monitor_monitoring.coreos.com_v1_servicemonitor.yaml @@ -1,19 +1,45 @@ +--- +apiVersion: v1 +kind: Secret +metadata: + name: metrics-bearer-token + namespace: openshift-gitops-operator + annotations: + kubernetes.io/service-account.name: openshift-gitops-operator-controller-manager +type: kubernetes.io/service-account-token +--- +apiVersion: v1 +kind: ConfigMap +metadata: + annotations: + openshift.io/description: This ConfigMap is used for Prometheus monitoring of the GitOps Operator. + openshift.io/display-name: GitOps Operator Prometheus Monitor ConfigMap + openshift.io/owning-component: service-ca + service.beta.openshift.io/inject-cabundle: "true" + name: metrics-monitor-ca-bundle + namespace: openshift-gitops-operator +--- apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: + name: openshift-gitops-operator-metrics-monitor labels: control-plane: gitops-operator - name: openshift-gitops-operator-metrics-monitor spec: - endpoints: - - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token - interval: 30s - path: /metrics - port: metrics - scheme: https - tlsConfig: - caFile: /etc/prometheus/configmaps/serving-certs-ca-bundle/service-ca.crt - serverName: openshift-gitops-operator-metrics-service.openshift-gitops-operator.svc selector: matchLabels: control-plane: gitops-operator + endpoints: + - bearerTokenSecret: + name: openshift-gitops-operator-metrics-bearer-token + key: token + interval: 30s + path: /metrics + port: metrics + scheme: https + tlsConfig: + ca: + configMap: + name: openshift-gitops-operator-metrics-monitor-ca-bundle + key: service-ca.crt + serverName: openshift-gitops-operator-metrics-service.openshift-gitops-operator.svc From 254fae482d7c1cfc22b47545f4a9ffdc84b8da1e Mon Sep 17 00:00:00 2001 From: akhil nittala Date: Sun, 16 Nov 2025 23:33:46 +0530 Subject: [PATCH 4/6] fix: openshift-gitops-operator-metrics-monitor ServiceMonitor is attempting to use a bearerTokenFile configuration in its endpoints definition Signed-off-by: akhil nittala --- ...nitoring.coreos.com_v1_servicemonitor.yaml | 51 ++++++------------- 1 file changed, 15 insertions(+), 36 deletions(-) diff --git a/bundle/manifests/openshift-gitops-operator-metrics-monitor_monitoring.coreos.com_v1_servicemonitor.yaml b/bundle/manifests/openshift-gitops-operator-metrics-monitor_monitoring.coreos.com_v1_servicemonitor.yaml index 60abdd193..042ed3f0b 100644 --- a/bundle/manifests/openshift-gitops-operator-metrics-monitor_monitoring.coreos.com_v1_servicemonitor.yaml +++ b/bundle/manifests/openshift-gitops-operator-metrics-monitor_monitoring.coreos.com_v1_servicemonitor.yaml @@ -1,45 +1,24 @@ ---- -apiVersion: v1 -kind: Secret -metadata: - name: metrics-bearer-token - namespace: openshift-gitops-operator - annotations: - kubernetes.io/service-account.name: openshift-gitops-operator-controller-manager -type: kubernetes.io/service-account-token ---- -apiVersion: v1 -kind: ConfigMap -metadata: - annotations: - openshift.io/description: This ConfigMap is used for Prometheus monitoring of the GitOps Operator. - openshift.io/display-name: GitOps Operator Prometheus Monitor ConfigMap - openshift.io/owning-component: service-ca - service.beta.openshift.io/inject-cabundle: "true" - name: metrics-monitor-ca-bundle - namespace: openshift-gitops-operator ---- apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: - name: openshift-gitops-operator-metrics-monitor labels: control-plane: gitops-operator + name: openshift-gitops-operator-metrics-monitor spec: + endpoints: + - bearerTokenSecret: + key: token + name: openshift-gitops-operator-metrics-bearer-token + interval: 30s + path: /metrics + port: metrics + scheme: https + tlsConfig: + ca: + configMap: + key: service-ca.crt + name: openshift-gitops-operator-metrics-monitor-ca-bundle + serverName: openshift-gitops-operator-metrics-service.openshift-gitops-operator.svc selector: matchLabels: control-plane: gitops-operator - endpoints: - - bearerTokenSecret: - name: openshift-gitops-operator-metrics-bearer-token - key: token - interval: 30s - path: /metrics - port: metrics - scheme: https - tlsConfig: - ca: - configMap: - name: openshift-gitops-operator-metrics-monitor-ca-bundle - key: service-ca.crt - serverName: openshift-gitops-operator-metrics-service.openshift-gitops-operator.svc From 4a3c072e924b56288c409ec1da591764f057dba1 Mon Sep 17 00:00:00 2001 From: akhil nittala Date: Sun, 16 Nov 2025 23:40:42 +0530 Subject: [PATCH 5/6] fix: openshift-gitops-operator-metrics-monitor ServiceMonitor is attempting to use a bearerTokenFile configuration in its endpoints definition Signed-off-by: akhil nittala --- ...gitops-operator-metrics-bearer-token_v1_secret.yaml | 7 +++++++ ...perator-metrics-monitor-ca-bundle_v1_configmap.yaml | 10 ++++++++++ 2 files changed, 17 insertions(+) create mode 100644 bundle/manifests/openshift-gitops-operator-metrics-bearer-token_v1_secret.yaml create mode 100644 bundle/manifests/openshift-gitops-operator-metrics-monitor-ca-bundle_v1_configmap.yaml diff --git a/bundle/manifests/openshift-gitops-operator-metrics-bearer-token_v1_secret.yaml b/bundle/manifests/openshift-gitops-operator-metrics-bearer-token_v1_secret.yaml new file mode 100644 index 000000000..a5ac5fdc9 --- /dev/null +++ b/bundle/manifests/openshift-gitops-operator-metrics-bearer-token_v1_secret.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: Secret +metadata: + annotations: + kubernetes.io/service-account.name: openshift-gitops-operator-controller-manager + name: openshift-gitops-operator-metrics-bearer-token +type: kubernetes.io/service-account-token diff --git a/bundle/manifests/openshift-gitops-operator-metrics-monitor-ca-bundle_v1_configmap.yaml b/bundle/manifests/openshift-gitops-operator-metrics-monitor-ca-bundle_v1_configmap.yaml new file mode 100644 index 000000000..e076c4b28 --- /dev/null +++ b/bundle/manifests/openshift-gitops-operator-metrics-monitor-ca-bundle_v1_configmap.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + annotations: + openshift.io/description: This ConfigMap is used for Prometheus monitoring of + the GitOps Operator. + openshift.io/display-name: GitOps Operator Prometheus Monitor ConfigMap + openshift.io/owning-component: service-ca + service.beta.openshift.io/inject-cabundle: "true" + name: openshift-gitops-operator-metrics-monitor-ca-bundle From c9910180c921826eb497d48daf329f08dc87f19d Mon Sep 17 00:00:00 2001 From: akhil nittala Date: Tue, 18 Nov 2025 07:02:01 +0530 Subject: [PATCH 6/6] fix: openshift-gitops-operator-metrics-monitor ServiceMonitor is attempting to use a bearerTokenFile configuration in its endpoints definition Signed-off-by: akhil nittala --- .../1-104_validate_prometheus_alert_test.go | 36 ++++++++++++------- 1 file changed, 24 insertions(+), 12 deletions(-) diff --git a/test/openshift/e2e/ginkgo/parallel/1-104_validate_prometheus_alert_test.go b/test/openshift/e2e/ginkgo/parallel/1-104_validate_prometheus_alert_test.go index 60152062b..147e52348 100644 --- a/test/openshift/e2e/ginkgo/parallel/1-104_validate_prometheus_alert_test.go +++ b/test/openshift/e2e/ginkgo/parallel/1-104_validate_prometheus_alert_test.go @@ -3,10 +3,14 @@ package parallel import ( . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" + monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" + corev1 "k8s.io/api/core/v1" + + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "github.com/redhat-developer/gitops-operator/test/openshift/e2e/ginkgo/fixture" k8sFixture "github.com/redhat-developer/gitops-operator/test/openshift/e2e/ginkgo/fixture/k8s" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) var _ = Describe("GitOps Operator Parallel E2E Tests", func() { @@ -14,7 +18,6 @@ var _ = Describe("GitOps Operator Parallel E2E Tests", func() { Context("1-104_validate_prometheus_alert", func() { BeforeEach(func() { - fixture.EnsureParallelCleanSlate() }) @@ -33,19 +36,29 @@ var _ = Describe("GitOps Operator Parallel E2E Tests", func() { } Eventually(sm).Should(k8sFixture.ExistByName()) - Expect(sm.Spec.Endpoints).Should(Equal([]monitoringv1.Endpoint{{ - BearerTokenFile: "/var/run/secrets/kubernetes.io/serviceaccount/token", - Interval: monitoringv1.Duration("30s"), - Path: "/metrics", - Port: "metrics", - Scheme: "https", + Expect(sm.Spec.Endpoints).To(Equal([]monitoringv1.Endpoint{{ + BearerTokenSecret: &corev1.SecretKeySelector{ + LocalObjectReference: corev1.LocalObjectReference{ + Name: "openshift-gitops-operator-metrics-bearer-token", + }, + Key: "token", + }, + Interval: monitoringv1.Duration("30s"), + Path: "/metrics", + Port: "metrics", + Scheme: "https", TLSConfig: &monitoringv1.TLSConfig{ SafeTLSConfig: monitoringv1.SafeTLSConfig{ - CA: monitoringv1.SecretOrConfigMap{}, - Cert: monitoringv1.SecretOrConfigMap{}, + CA: monitoringv1.SecretOrConfigMap{ + ConfigMap: &corev1.ConfigMapKeySelector{ + LocalObjectReference: corev1.LocalObjectReference{ + Name: "openshift-gitops-operator-metrics-monitor-ca-bundle", + }, + Key: "service-ca.crt", + }, + }, ServerName: "openshift-gitops-operator-metrics-service.openshift-gitops-operator.svc", }, - CAFile: "/etc/prometheus/configmaps/serving-certs-ca-bundle/service-ca.crt", }, }})) @@ -57,5 +70,4 @@ var _ = Describe("GitOps Operator Parallel E2E Tests", func() { })) }) }) - })