From b98d9e6dfc5a3985c56d4c00f2e411f44d9b291e Mon Sep 17 00:00:00 2001 From: akhil nittala Date: Mon, 8 Dec 2025 13:19:21 +0530 Subject: [PATCH 1/3] fix: openshift-gitops-operator-metrics-monitor ServiceMonitor is attempting to use a bearerTokenFile configuration in its endpoints definition Signed-off-by: akhil nittala --- config/prometheus/monitor.yaml | 46 ++++++++++++++----- .../1-104_validate_prometheus_alert_test.go | 26 +++++++---- 2 files changed, 53 insertions(+), 19 deletions(-) diff --git a/config/prometheus/monitor.yaml b/config/prometheus/monitor.yaml index 339fe991c..ea132645b 100644 --- a/config/prometheus/monitor.yaml +++ b/config/prometheus/monitor.yaml 
@@ -1,22 +1,46 @@ - -# Prometheus Monitor Service (Metrics) +--- +apiVersion: v1 +kind: Secret +metadata: + name: metrics-monitor-bearer-token + namespace: openshift-gitops-operator + annotations: + kubernetes.io/service-account.name: openshift-gitops-operator-controller-manager +type: kubernetes.io/service-account-token +--- +apiVersion: v1 +kind: ConfigMap +metadata: + annotations: + openshift.io/description: This ConfigMap is used for Prometheus monitoring of the GitOps Operator. + openshift.io/display-name: GitOps Operator Prometheus Monitor ConfigMap + openshift.io/owning-component: service-ca + service.beta.openshift.io/inject-cabundle: "true" + name: metrics-monitor-ca-bundle + namespace: openshift-gitops-operator +--- apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: + name: metrics-monitor + namespace: openshift-gitops-operator labels: control-plane: gitops-operator - name: metrics-monitor - namespace: system spec: + selector: + matchLabels: + control-plane: gitops-operator endpoints: - - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token - path: /metrics + - bearerTokenSecret: + name: openshift-gitops-operator-metrics-monitor-bearer-token + key: token interval: 30s + path: /metrics port: metrics scheme: https tlsConfig: - caFile: /etc/prometheus/configmaps/serving-certs-ca-bundle/service-ca.crt - serverName: openshift-gitops-operator-metrics-service.openshift-gitops-operator.svc - selector: - matchLabels: - control-plane: gitops-operator + ca: + configMap: + name: openshift-gitops-operator-metrics-monitor-ca-bundle + key: service-ca.crt + serverName: openshift-gitops-operator-metrics-service.openshift-gitops-operator.svc \ No newline at end of file diff --git a/test/openshift/e2e/ginkgo/sequential/1-104_validate_prometheus_alert_test.go b/test/openshift/e2e/ginkgo/sequential/1-104_validate_prometheus_alert_test.go index c99ce0e88..e989f1d06 100644 
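Review bot: The new `metrics-monitor-bearer-token` Secret is of type `kubernetes.io/service-account-token` and is bound to `openshift-gitops-operator-controller-manager`, so it holds a long-lived, non-expiring token carrying whatever RBAC the operator's own account has. Anything that can read Secrets in `openshift-gitops-operator` can read it, as can the Prometheus instance that resolves `bearerTokenSecret`. A dedicated ServiceAccount whose only grant is `get` on the `/metrics` non-resource URL would keep the scrape credential least-privilege, with the annotation changed to `kubernetes.io/service-account.name: <metrics-reader-sa>` (placeholder name). The same binding is repeated in `bundle/manifests/openshift-gitops-operator-metrics-monitor-bearer-token_v1_secret.yaml`. Separately, the ServiceMonitor refers to `openshift-gitops-operator-metrics-monitor-bearer-token` and `openshift-gitops-operator-metrics-monitor-ca-bundle` while the objects are declared as `metrics-monitor-bearer-token` and `metrics-monitor-ca-bundle`; this presumably relies on a kustomize name prefix, so a comment such as `# must equal the prefix-expanded name of the Secret declared above` beside each reference would make the coupling visible.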
--- a/test/openshift/e2e/ginkgo/sequential/1-104_validate_prometheus_alert_test.go +++ b/test/openshift/e2e/ginkgo/sequential/1-104_validate_prometheus_alert_test.go @@ -6,6 +6,7 @@ import ( monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1" "github.com/redhat-developer/gitops-operator/test/openshift/e2e/ginkgo/fixture" k8sFixture "github.com/redhat-developer/gitops-operator/test/openshift/e2e/ginkgo/fixture/k8s" + corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) @@ -34,18 +35,27 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() { Eventually(sm).Should(k8sFixture.ExistByName()) Expect(sm.Spec.Endpoints).Should(Equal([]monitoringv1.Endpoint{{ - BearerTokenFile: "/var/run/secrets/kubernetes.io/serviceaccount/token", - Interval: monitoringv1.Duration("30s"), - Path: "/metrics", - Port: "metrics", - Scheme: "https", + BearerTokenSecret: &corev1.SecretKeySelector{ + LocalObjectReference: corev1.LocalObjectReference{ + Name: "openshift-gitops-operator-metrics-monitor-bearer-token", + }, + Key: "token", + }, Interval: monitoringv1.Duration("30s"), + Path: "/metrics", + Port: "metrics", + Scheme: "https", TLSConfig: &monitoringv1.TLSConfig{ SafeTLSConfig: monitoringv1.SafeTLSConfig{ - CA: monitoringv1.SecretOrConfigMap{}, - Cert: monitoringv1.SecretOrConfigMap{}, + CA: monitoringv1.SecretOrConfigMap{ + ConfigMap: &corev1.ConfigMapKeySelector{ + LocalObjectReference: corev1.LocalObjectReference{ + Name: "openshift-gitops-operator-metrics-monitor-ca-bundle", + }, + Key: "service-ca.crt", + }, + }, Cert: monitoringv1.SecretOrConfigMap{}, ServerName: "openshift-gitops-operator-metrics-service.openshift-gitops-operator.svc", }, - CAFile: "/etc/prometheus/configmaps/serving-certs-ca-bundle/service-ca.crt", }, }})) From 4a5105fe791d314ce74fff2749bbca3864313254 Mon Sep 17 00:00:00 2001 
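Review bot: The updated `Expect(sm.Spec.Endpoints)` assertion checks only the names written into the ServiceMonitor, so it still passes when the referenced Secret or ConfigMap is missing or unpopulated. In that case the scrape target would likely be rejected or fail authentication or TLS verification. Asserting the two objects alongside it would catch a dangling reference, e.g. `Eventually(tokenSecret).Should(k8sFixture.ExistByName())` for a `corev1.Secret` named `openshift-gitops-operator-metrics-monitor-bearer-token`, and the same for the `openshift-gitops-operator-metrics-monitor-ca-bundle` ConfigMap. Ideally the test would also check that the `token` and `service-ca.crt` keys are non-empty. The enclosing `It` block starts and ends outside the hunk, so the namespace used for `sm` is not visible here.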
From: akhil nittala Date: Mon, 8 Dec 2025 13:21:28 +0530 Subject: [PATCH 2/3] fix: openshift-gitops-operator-metrics-monitor ServiceMonitor is attempting to use a bearerTokenFile configuration in its endpoints definition Signed-off-by: akhil nittala --- .../gitops-operator.clusterserviceversion.yaml | 2 +- ...perator-metrics-monitor-bearer-token_v1_secret.yaml | 7 +++++++ ...perator-metrics-monitor-ca-bundle_v1_configmap.yaml | 10 ++++++++++ ...onitor_monitoring.coreos.com_v1_servicemonitor.yaml | 9 +++++++-- 4 files changed, 25 insertions(+), 3 deletions(-) create mode 100644 bundle/manifests/openshift-gitops-operator-metrics-monitor-bearer-token_v1_secret.yaml create mode 100644 bundle/manifests/openshift-gitops-operator-metrics-monitor-ca-bundle_v1_configmap.yaml diff --git a/bundle/manifests/gitops-operator.clusterserviceversion.yaml b/bundle/manifests/gitops-operator.clusterserviceversion.yaml index d21ef3c96..8bfe79074 100644 --- a/bundle/manifests/gitops-operator.clusterserviceversion.yaml +++ b/bundle/manifests/gitops-operator.clusterserviceversion.yaml @@ -180,7 +180,7 @@ metadata: capabilities: Deep Insights console.openshift.io/plugins: '["gitops-plugin"]' containerImage: quay.io/redhat-developer/gitops-operator - createdAt: "2025-11-20T04:44:08Z" + createdAt: "2025-12-08T07:51:04Z" description: Enables teams to adopt GitOps principles for managing cluster configurations and application delivery across hybrid multi-cluster Kubernetes environments. features.operators.openshift.io/disconnected: "true" diff --git a/bundle/manifests/openshift-gitops-operator-metrics-monitor-bearer-token_v1_secret.yaml b/bundle/manifests/openshift-gitops-operator-metrics-monitor-bearer-token_v1_secret.yaml new file mode 100644 index 000000000..ab422c66c --- /dev/null +++ b/bundle/manifests/openshift-gitops-operator-metrics-monitor-bearer-token_v1_secret.yaml 
@@ -0,0 +1,7 @@ +apiVersion: v1 +kind: Secret +metadata: + annotations: + kubernetes.io/service-account.name: openshift-gitops-operator-controller-manager + name: openshift-gitops-operator-metrics-monitor-bearer-token +type: kubernetes.io/service-account-token diff --git a/bundle/manifests/openshift-gitops-operator-metrics-monitor-ca-bundle_v1_configmap.yaml b/bundle/manifests/openshift-gitops-operator-metrics-monitor-ca-bundle_v1_configmap.yaml new file mode 100644 index 000000000..e076c4b28 --- /dev/null +++ b/bundle/manifests/openshift-gitops-operator-metrics-monitor-ca-bundle_v1_configmap.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + annotations: + openshift.io/description: This ConfigMap is used for Prometheus monitoring of + the GitOps Operator. + openshift.io/display-name: GitOps Operator Prometheus Monitor ConfigMap + openshift.io/owning-component: service-ca + service.beta.openshift.io/inject-cabundle: "true" + name: openshift-gitops-operator-metrics-monitor-ca-bundle diff --git a/bundle/manifests/openshift-gitops-operator-metrics-monitor_monitoring.coreos.com_v1_servicemonitor.yaml b/bundle/manifests/openshift-gitops-operator-metrics-monitor_monitoring.coreos.com_v1_servicemonitor.yaml index 3c04d78a3..3b4e719bc 100644 --- a/bundle/manifests/openshift-gitops-operator-metrics-monitor_monitoring.coreos.com_v1_servicemonitor.yaml +++ b/bundle/manifests/openshift-gitops-operator-metrics-monitor_monitoring.coreos.com_v1_servicemonitor.yaml 
@@ -6,13 +6,18 @@ metadata: name: openshift-gitops-operator-metrics-monitor spec: endpoints: - - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + - bearerTokenSecret: + key: token + name: openshift-gitops-operator-metrics-monitor-bearer-token interval: 30s path: /metrics port: metrics scheme: https tlsConfig: - caFile: /etc/prometheus/configmaps/serving-certs-ca-bundle/service-ca.crt + ca: + configMap: + key: service-ca.crt + name: openshift-gitops-operator-metrics-monitor-ca-bundle serverName: openshift-gitops-operator-metrics-service.openshift-gitops-operator.svc selector: matchLabels: From b451925f06b79e5286411f18e64bfbea192e9383 Mon Sep 17 00:00:00 2001 From: akhil nittala Date: Fri, 12 Dec 2025 13:32:25 +0530 Subject: [PATCH 3/3] fix: openshift-gitops-operator-metrics-monitor ServiceMonitor is attempting to use a bearerTokenFile configuration in its endpoints definition Signed-off-by: akhil nittala --- .../1-104_validate_prometheus_alert_test.go | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/test/openshift/e2e/ginkgo/sequential/1-104_validate_prometheus_alert_test.go b/test/openshift/e2e/ginkgo/sequential/1-104_validate_prometheus_alert_test.go index e989f1d06..e3bf91958 100644 --- a/test/openshift/e2e/ginkgo/sequential/1-104_validate_prometheus_alert_test.go +++ b/test/openshift/e2e/ginkgo/sequential/1-104_validate_prometheus_alert_test.go @@ -40,10 +40,11 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() { Name: "openshift-gitops-operator-metrics-monitor-bearer-token", }, Key: "token", - }, Interval: monitoringv1.Duration("30s"), - Path: "/metrics", - Port: "metrics", - Scheme: "https", + }, + Interval: monitoringv1.Duration("30s"), + Path: "/metrics", + Port: "metrics", + Scheme: "https", TLSConfig: &monitoringv1.TLSConfig{ SafeTLSConfig: monitoringv1.SafeTLSConfig{ CA: monitoringv1.SecretOrConfigMap{ 
@@ -53,7 +54,8 @@ var _ = Describe("GitOps Operator Sequential E2E Tests", func() { }, Key: "service-ca.crt", }, - }, Cert: monitoringv1.SecretOrConfigMap{}, + }, + Cert: monitoringv1.SecretOrConfigMap{}, ServerName: "openshift-gitops-operator-metrics-service.openshift-gitops-operator.svc", }, },