diff --git a/content/docs/deployment/csmoperator/modules/observability.md b/content/docs/deployment/csmoperator/modules/observability.md index 5309acd77d..0ed1a428a2 100644 --- a/content/docs/deployment/csmoperator/modules/observability.md +++ b/content/docs/deployment/csmoperator/modules/observability.md @@ -14,30 +14,42 @@ The CSM Observability module for supported Dell CSI Drivers can be installed via kubectl create namespace karavi ``` - Enable Observability module and components in [sample manifests](https://github.com/dell/csm-operator/tree/main/samples). If cert-manager has already been installed, don't enable it. - - Scenario 1: Deploy one supported CSI Driver and enable Observability module - - If you enable `metrics-powerscale` or `metrics-powerflex`, must enable `otel-collector` as well. - - - Scenario 2: Deploy multiple supported CSI Drivers and enable Observability module - - When deploying the first driver, enable all components of Observability module in the CR. - - For the following drivers, only enable the metrics service, and remove `topology` and `otel-collector` sections from the CR. - - The CR created at first must be deleted at last. - - -Note: pods in the `karavi` namespace will be in the ContainerCreating state until certificates are successfully created as described in the next step. +- Observability will deploy with self-signed certificates by default. If you want to have custom certificates created instead, please generate certificates and private keys, encode them in base64, and insert them into the sample file as shown below for whichever components you are enabling: +``` + # observability: allows to configure observability + - name: observability +... + components: + - name: topology +... + # certificate: base64-encoded certificate for cert/private-key pair -- add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "" + # privateKey: base64-encoded private key for cert/private-key pair -- add private key here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "" +... + - name: otel-collector +... + # certificate: base64-encoded certificate for cert/private-key pair -- add cert here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + certificate: "" + # privateKey: base64-encoded private key for cert/private-key pair -- add private key here to use custom certificates + # for self-signed certs, leave empty string + # Allowed values: string + privateKey: "" +... +``` +- Notes: + - If you enable `metrics-powerscale` or `metrics-powerflex`, you must enable `otel-collector` as well. + - otel-collector cannot be enabled without a metrics component also enabled. + - If you are deploying multiple drivers, only enable topology, otel-collector, and cert-manager in the first driver. For subsequent drivers, only enable the metrics component. When deleting the deployment, the driver that was created first must be deleted last. -- Create certificates +## Install Observability + +- Once you have prepared the sample file(s) (one per driver being installed), deploy by running `kubectl apply -f ` on the sample file. - Note: you may need to wait for the cert-manager pods to be 60-90 seconds old to successfully create certificates without an x509 error. See the [cert-manager documentation](https://cert-manager.io/docs/concepts/webhook/#webhook-connection-problems-shortly-after-cert-manager-installation) for more information. - - - Option 1: Self-signed certificates - 1. A Sample certificates manifest can be found at `samples/observability/selfsigned-cert.yaml`. - 2. Create certificates - ```bash - kubectl create -f selfsigned-cert.yaml - ``` - - Option 2: Custom certificates - 1. Replace `tls.crt` and `tls.key` with actual base64-encoded certificate and private key in `samples/observability/custom-cert.yaml`. - 2. Create certificates - ```bash - kubectl create -f custom-cert.yaml - ```