From b4dbfa40f74f47d62029e1253669f58e30da36eb Mon Sep 17 00:00:00 2001
From: Shelly Xue Han <Shelly.Han@gov.bc.ca>
Date: Fri, 18 Oct 2024 10:36:46 -0700
Subject: [PATCH] added doc for metrics setup

---
 docs/resource-metrics.md | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 docs/resource-metrics.md

diff --git a/docs/resource-metrics.md b/docs/resource-metrics.md
new file mode 100644
index 000000000..9b8a42f4b
--- /dev/null
+++ b/docs/resource-metrics.md
@@ -0,0 +1,23 @@
+## Resource Metrics Setup
+
+For Registry to get metrics from Prometheus, the following things are needed:
+- a Service Account `registry-metrics-reader`
+- the cluster role and rolebinding for the SA to access metrics from all namespaces
+- a non-rotating service account token secret `registry-metrics-reader-sa-token` that can be used for Prometheus query
+
+These are created as part of the CCM from https://github.com/bcgov-c/platform-gitops-gen/tree/master/roles/cluster_checks/files
+
+To obtain the SA token for the query and test it out:
+```bash
+# get the token:
+export REGISTRY_TOKEN=$(oc get secret registry-metrics-reader-sa-token -n gitops-tools -o jsonpath='{.data.token}' | base64 --decode)
+# check token:
+echo $REGISTRY_TOKEN
+# test query (this is just an example, make sure to update the URL and query used for different environments)
+curl \
+-H 'Accept: application/json' \
+-H "Authorization: Bearer $REGISTRY_TOKEN" \
+-d 'query=sum(pod:container_cpu_usage:sum{namespace="e9b123-prod", pod=~"getok-app.*"})' \
+https://thanos-querier-openshift-monitoring.apps.klab.devops.gov.bc.ca/api/v1/query
+
+```