Skip to content

Commit 09fb9c0

Browse files
snarayan-redhatsnarayan-redhat
authored
Merge pull request #95284 from openshift-cherrypick-robot/cherry-pick-95058-to-enterprise-4.17
[enterprise-4.17] OSDOCS#14993: Adding monitoring cert-manager metrics section
2 parents e17e993 + e544b0e commit 09fb9c0

File tree

4 files changed

+146
-75
lines changed

4 files changed

+146
-75
lines changed

modules/cert-manager-enable-metrics.adoc

Lines changed: 58 additions & 57 deletions
Original file line numberDiff line numberDiff line change
@@ -4,88 +4,89 @@
44

55
:_mod-docs-content-type: PROCEDURE
66
[id="cert-manager-enable-metrics_{context}"]
7-
= Enabling monitoring by using a service monitor for the {cert-manager-operator}
7+
= Configuring metrics collection for {cert-manager-operator} operands by using a ServiceMonitor
88

9-
You can enable monitoring and metrics collection for the {cert-manager-operator} by using a service monitor to perform the custom metrics scraping.
9+
The {cert-manager-operator} operands exposes metrics by default on port `9402` at the `/metrics` service endpoint. You can configure metrics collection for the cert-manager operands by creating a `ServiceMonitor` custom resource (CR) that enables Prometheus Operator to collect custom metrics. For more information, see "Configuring user workload monitoring".
1010

1111
.Prerequisites
1212

13-
* You have access to the cluster with `cluster-admin` privileges.
14-
* The {cert-manager-operator} is installed.
13+
* You have access to the cluster as a user with the `cluster-admin` role.
14+
* You have installed the {cert-manager-operator}.
15+
* You have enabled the user workload monitoring.
1516
1617
.Procedure
1718

18-
. Add the label to enable cluster monitoring by running the following command:
19-
+
20-
[source,terminal]
21-
----
22-
$ oc label namespace cert-manager openshift.io/cluster-monitoring=true
23-
----
19+
. Create the `ServiceMonitor` CR:
2420

25-
. Create a service monitor:
26-
27-
.. Create a YAML file that defines the `Role`, `RoleBinding`, and `ServiceMonitor` objects:
21+
.. Create the YAML file that defines the `ServiceMonitor` CR:
2822
+
29-
.Example `monitoring.yaml` file
30-
23+
.Example `servicemonitor-cert-manager.yaml` file
3124
[source,yaml]
3225
----
33-
apiVersion: rbac.authorization.k8s.io/v1
34-
kind: Role
35-
metadata:
36-
name: prometheus-k8s
37-
namespace: cert-manager
38-
rules:
39-
- apiGroups:
40-
- ""
41-
resources:
42-
- services
43-
- endpoints
44-
- pods
45-
verbs:
46-
- get
47-
- list
48-
- watch
49-
---
50-
apiVersion: rbac.authorization.k8s.io/v1
51-
kind: RoleBinding
52-
metadata:
53-
name: prometheus-k8s
54-
namespace: cert-manager
55-
roleRef:
56-
apiGroup: rbac.authorization.k8s.io
57-
kind: Role
58-
name: prometheus-k8s
59-
subjects:
60-
- kind: ServiceAccount
61-
name: prometheus-k8s
62-
namespace: openshift-monitoring
63-
---
6426
apiVersion: monitoring.coreos.com/v1
6527
kind: ServiceMonitor
6628
metadata:
6729
labels:
6830
app: cert-manager
69-
app.kubernetes.io/component: controller
7031
app.kubernetes.io/instance: cert-manager
7132
app.kubernetes.io/name: cert-manager
7233
name: cert-manager
7334
namespace: cert-manager
7435
spec:
7536
endpoints:
76-
- interval: 30s
77-
port: tcp-prometheus-servicemonitor
78-
scheme: http
37+
- honorLabels: false
38+
interval: 60s
39+
path: /metrics
40+
scrapeTimeout: 30s
41+
targetPort: 9402
7942
selector:
80-
matchLabels:
81-
app.kubernetes.io/component: controller
82-
app.kubernetes.io/instance: cert-manager
83-
app.kubernetes.io/name: cert-manager
43+
matchExpressions:
44+
- key: app.kubernetes.io/name
45+
operator: In
46+
values:
47+
- cainjector
48+
- cert-manager
49+
- webhook
50+
- key: app.kubernetes.io/instance
51+
operator: In
52+
values:
53+
- cert-manager
54+
- key: app.kubernetes.io/component
55+
operator: In
56+
values:
57+
- cainjector
58+
- controller
59+
- webhook
60+
----
61+
62+
.. Create the `ServiceMonitor` CR by running the following command:
63+
+
64+
[source,terminal]
8465
----
66+
$ oc apply -f servicemonitor-cert-manager.yaml
67+
----
68+
+
69+
After the `ServiceMonitor` CR is created, the user workload Prometheus instance begins metrics collection from the {cert-manager-operator} operands. The collected metrics are labeled with `job="cert-manager"`,`job="cert-manager-cainjector"`, and `job="cert-manager-webhook"`.
70+
71+
.Verification
72+
73+
. In the {product-title} web console, navigate to *Observe**Targets*.
8574

86-
.. Create the `Role`, `RoleBinding`, and `ServiceMonitor` objects by running the following command:
75+
. In the *Label* filter field, enter the following labels to filter the metrics targets for each operand:
76+
+
77+
[source,terminal]
78+
----
79+
$ service=cert-manager
80+
----
8781
+
8882
[source,terminal]
8983
----
90-
$ oc create -f monitoring.yaml
91-
----
84+
$ service=cert-manager-webhook
85+
----
86+
+
87+
[source,terminal]
88+
----
89+
$ service=cert-manager-cainjector
90+
----
91+
92+
. Confirm that the *Status* column shows `Up` for the `cert-manager`, `cert-manager-webhook`, and `cert-manager-cainjector` entries.

modules/cert-manager-enable-user-workload-monitor.adoc

Lines changed: 58 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,58 @@
1+
// Module included in the following assemblies:
2+
//
3+
// * security/cert_manager_operator/cert-manager-monitoring.adoc
4+
5+
:_mod-docs-content-type: PROCEDURE
6+
[id="cert-manager-enable-user-workload-monitor_{context}"]
7+
= Enabling user workload monitoring
8+
9+
You can enable monitoring for user-defined projects by configuring user workload monitoring in the cluster. For more information, see "Setting up metrics collection for user-defined projects".
10+
11+
.Prerequisites
12+
13+
* You have access to the cluster as a user with the `cluster-admin` role.
14+
15+
.Procedure
16+
17+
. Create the `cluster-monitoring-config.yaml` YAML file:
18+
+
19+
[source,yaml]
20+
----
21+
apiVersion: v1
22+
kind: ConfigMap
23+
metadata:
24+
name: cluster-monitoring-config
25+
namespace: openshift-monitoring
26+
data:
27+
config.yaml: |
28+
enableUserWorkload: true
29+
----
30+
31+
. Apply the `ConfigMap` by running the following command:
32+
+
33+
[source,terminal]
34+
----
35+
$ oc apply -f cluster-monitoring-config.yaml
36+
----
37+
38+
.Verification
39+
40+
. Verify that the monitoring components for user workloads are running in the `openshift-user-workload-monitoring` namespace by running the following command:
41+
+
42+
[source,terminal]
43+
----
44+
$ oc -n openshift-user-workload-monitoring get pod
45+
----
46+
+
47+
.Example output
48+
[source,terminal]
49+
----
50+
NAME READY STATUS RESTARTS AGE
51+
prometheus-operator-6cb6bd9588-dtzxq 2/2 Running 0 50s
52+
prometheus-user-workload-0 6/6 Running 0 48s
53+
prometheus-user-workload-1 6/6 Running 0 48s
54+
thanos-ruler-user-workload-0 4/4 Running 0 42s
55+
thanos-ruler-user-workload-1 4/4 Running 0 42s
56+
----
57+
+
58+
The status of the pods such as `prometheus-operator`, `prometheus-user-workload`, and `thanos-ruler-user-workload` must be `Running`.

modules/cert-manager-query-metrics.adoc

Lines changed: 13 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -4,33 +4,33 @@
44

55
:_mod-docs-content-type: PROCEDURE
66
[id="cert-manager-query-metrics_{context}"]
7-
= Querying metrics for the {cert-manager-operator}
7+
= Querying metrics for the {cert-manager-operator} operands
88

9-
After you have enabled monitoring for the {cert-manager-operator}, you can query its metrics by using the {product-title} web console.
9+
As a cluster administrator, or as a user with view access to all namespaces, you can query {cert-manager-operator} operands metrics by using the {product-title} web console or the command-line interface (CLI). For more information, see "Accessing metrics".
1010

1111
.Prerequisites
1212

1313
* You have access to the cluster as a user with the `cluster-admin` role.
1414
* You have installed the {cert-manager-operator}.
15-
* You have enabled monitoring and metrics collection for the {cert-manager-operator}.
15+
* You have enabled monitoring and metrics collection by creating `ServiceMonitor` object.
1616
1717
.Procedure
1818

19-
. From the {product-title} web console, navigate to *Observe* -> *Metrics*.
19+
. In the {product-title} web console, navigate to *Observe* *Metrics*.
2020

21-
. Add a query by using one of the following formats:
22-
23-
** Specify the endpoints:
21+
. In the query field, enter the following PromQL expressions to query the {cert-manager-operator} operands metric for each operand:
2422
+
2523
[source,promql]
2624
----
27-
{instance="<endpoint>"} <1>
25+
{job="cert-manager"}
2826
----
29-
<1> Replace `<endpoint>` with the value of the endpoint for the `cert-manager` service. You can find the endpoint value by running the following command: `oc describe service cert-manager -n cert-manager`.
30-
31-
** Specify the `tcp-prometheus-servicemonitor` port:
3227
+
3328
[source,promql]
3429
----
35-
{endpoint="tcp-prometheus-servicemonitor"}
36-
----
30+
{job="cert-manager-webhook"}
31+
----
32+
+
33+
[source,promql]
34+
----
35+
{job="cert-manager-cainjector"}
36+
----

security/cert_manager_operator/cert-manager-monitoring.adoc

Lines changed: 17 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -6,15 +6,27 @@ include::_attributes/common-attributes.adoc[]
66

77
toc::[]
88

9-
You can expose controller metrics for the {cert-manager-operator} in the format provided by the Prometheus Operator.
9+
By default, the {cert-manager-operator} exposes metrics for the three core components: controller, cainjector, and webhook. You can configure OpenShift Monitoring to collect these metrics by using the Prometheus Operator format.
1010

11-
// Enabling metrics for the {cert-manager-operator}
11+
// Enabling user workload monitoring for the cert-manager operand
12+
include::modules/cert-manager-enable-user-workload-monitor.adoc[leveloffset=+1]
13+
14+
[role="_additional-resources"]
15+
.Additional resources
16+
* xref:../../observability/monitoring/configuring-user-workload-monitoring/configuring-metrics-uwm.adoc#setting-up-metrics-collection-for-user-defined-projects_configuring-metrics-uwm[Setting up metrics collection for user-defined projects]
17+
18+
// Metrics scraping for cert-manager operands by using a ServiceMonitor
1219
include::modules/cert-manager-enable-metrics.adoc[leveloffset=+1]
1320

1421
[role="_additional-resources"]
1522
.Additional resources
1623

17-
* xref:../../observability/monitoring/configuring-user-workload-monitoring/configuring-metrics-uwm.adoc#setting-up-metrics-collection-for-user-defined-projects_configuring-metrics-uwm[Setting up metrics collection for user-defined projects]
24+
* xref:../../observability/monitoring/configuring-user-workload-monitoring/preparing-to-configure-the-monitoring-stack-uwm.adoc#configurable-monitoring-components_preparing-to-configure-the-monitoring-stack-uwm[Configuring user workload monitoring]
25+
26+
// Querying metrics for the cert-manager operands
27+
include::modules/cert-manager-query-metrics.adoc[leveloffset=+1]
28+
29+
[role="_additional-resources"]
30+
.Additional resources
1831

19-
// Querying metrics for the {cert-manager-operator}
20-
include::modules/cert-manager-query-metrics.adoc[leveloffset=+1]
32+
* xref:../../observability/monitoring/accessing-metrics/accessing-metrics-as-an-administrator.adoc#accessing-metrics[Accessing metrics]

0 commit comments

Comments
 (0)