From 0b0144eff42b1b2857fdd30df5925681fe1fcdf1 Mon Sep 17 00:00:00 2001 From: Periklis Tsirakidis Date: Fri, 8 Mar 2024 11:06:14 +0100 Subject: [PATCH 01/12] fix(operator): Use service-ca provided cert/key/ca for operator sm --- ...ontroller-manager-metrics-ca_v1_configmap.yaml | 12 ++++++++++++ .../loki-operator.clusterserviceversion.yaml | 2 +- .../loki-operator.clusterserviceversion.yaml | 2 +- ...ontroller-manager-metrics-ca_v1_configmap.yaml | 12 ++++++++++++ ...r_monitoring.coreos.com_v1_servicemonitor.yaml | 15 ++++++++++++--- .../loki-operator.clusterserviceversion.yaml | 2 +- .../config/overlays/openshift/kustomization.yaml | 1 + .../openshift/manager_metrics_configmap_ca.yaml | 7 +++++++ .../prometheus_service_monitor_patch.yaml | 15 ++++++++++++--- 9 files changed, 59 insertions(+), 9 deletions(-) create mode 100644 operator/bundle/community-openshift/manifests/loki-operator-controller-manager-metrics-ca_v1_configmap.yaml create mode 100644 operator/bundle/openshift/manifests/loki-operator-controller-manager-metrics-ca_v1_configmap.yaml create mode 100644 operator/config/overlays/openshift/manager_metrics_configmap_ca.yaml diff --git a/operator/bundle/community-openshift/manifests/loki-operator-controller-manager-metrics-ca_v1_configmap.yaml b/operator/bundle/community-openshift/manifests/loki-operator-controller-manager-metrics-ca_v1_configmap.yaml new file mode 100644 index 0000000000000..549a2b71e60da --- /dev/null +++ b/operator/bundle/community-openshift/manifests/loki-operator-controller-manager-metrics-ca_v1_configmap.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + annotations: + service.beta.openshift.io/inject-cabundle: "true" + labels: + app.kubernetes.io/instance: loki-operator-v0.5.0 + app.kubernetes.io/managed-by: operator-lifecycle-manager + app.kubernetes.io/name: loki-operator + app.kubernetes.io/part-of: loki-operator + app.kubernetes.io/version: 0.5.0 + name: loki-operator-controller-manager-metrics-ca 
diff --git a/operator/bundle/community-openshift/manifests/loki-operator.clusterserviceversion.yaml b/operator/bundle/community-openshift/manifests/loki-operator.clusterserviceversion.yaml index 4241ddce4cd76..88fa854542e1c 100644 --- a/operator/bundle/community-openshift/manifests/loki-operator.clusterserviceversion.yaml +++ b/operator/bundle/community-openshift/manifests/loki-operator.clusterserviceversion.yaml @@ -150,7 +150,7 @@ metadata: categories: OpenShift Optional, Logging & Tracing certified: "false" containerImage: docker.io/grafana/loki-operator:0.5.0 - createdAt: "2024-03-07T12:56:37Z" + createdAt: "2024-03-08T10:05:32Z" description: The Community Loki Operator provides Kubernetes native deployment and management of Loki and related logging components. features.operators.openshift.io/disconnected: "true" diff --git a/operator/bundle/community/manifests/loki-operator.clusterserviceversion.yaml b/operator/bundle/community/manifests/loki-operator.clusterserviceversion.yaml index 689ea55ffe8f5..b79adac6e9095 100644 --- a/operator/bundle/community/manifests/loki-operator.clusterserviceversion.yaml +++ b/operator/bundle/community/manifests/loki-operator.clusterserviceversion.yaml @@ -150,7 +150,7 @@ metadata: categories: OpenShift Optional, Logging & Tracing certified: "false" containerImage: docker.io/grafana/loki-operator:0.5.0 - createdAt: "2024-03-07T12:56:34Z" + createdAt: "2024-03-08T10:05:31Z" description: The Community Loki Operator provides Kubernetes native deployment and management of Loki and related logging components. operators.operatorframework.io/builder: operator-sdk-unknown diff --git a/operator/bundle/openshift/manifests/loki-operator-controller-manager-metrics-ca_v1_configmap.yaml b/operator/bundle/openshift/manifests/loki-operator-controller-manager-metrics-ca_v1_configmap.yaml new file mode 100644 index 0000000000000..a2d626ac92e4e --- /dev/null 
+++ b/operator/bundle/openshift/manifests/loki-operator-controller-manager-metrics-ca_v1_configmap.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + annotations: + service.beta.openshift.io/inject-cabundle: "true" + labels: + app.kubernetes.io/instance: loki-operator-0.1.0 + app.kubernetes.io/managed-by: operator-lifecycle-manager + app.kubernetes.io/name: loki-operator + app.kubernetes.io/part-of: cluster-logging + app.kubernetes.io/version: 0.1.0 + name: loki-operator-controller-manager-metrics-ca diff --git a/operator/bundle/openshift/manifests/loki-operator-metrics-monitor_monitoring.coreos.com_v1_servicemonitor.yaml b/operator/bundle/openshift/manifests/loki-operator-metrics-monitor_monitoring.coreos.com_v1_servicemonitor.yaml index 83b6a0efa53ab..3c1c20237b6a0 100644 --- a/operator/bundle/openshift/manifests/loki-operator-metrics-monitor_monitoring.coreos.com_v1_servicemonitor.yaml +++ b/operator/bundle/openshift/manifests/loki-operator-metrics-monitor_monitoring.coreos.com_v1_servicemonitor.yaml @@ -11,14 +11,23 @@ metadata: name: loki-operator-metrics-monitor spec: endpoints: - - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token - interval: 30s + - interval: 30s path: /metrics scheme: https scrapeTimeout: 10s targetPort: 8443 tlsConfig: - caFile: /etc/prometheus/configmaps/serving-certs-ca-bundle/service-ca.crt + ca: + configMap: + key: service-ca.crt + name: loki-operator-controller-manager-metrics-ca + cert: + secret: + key: tls.crt + name: loki-operator-controller-manager-metrics-service + keySecret: + key: tls.key + name: loki-operator-controller-manager-metrics-service serverName: loki-operator-controller-manager-metrics-service.openshift-operators-redhat.svc selector: matchLabels: diff --git a/operator/bundle/openshift/manifests/loki-operator.clusterserviceversion.yaml b/operator/bundle/openshift/manifests/loki-operator.clusterserviceversion.yaml index 8abaf3bd0e267..62a13058df341 100644 
--- a/operator/bundle/openshift/manifests/loki-operator.clusterserviceversion.yaml +++ b/operator/bundle/openshift/manifests/loki-operator.clusterserviceversion.yaml @@ -150,7 +150,7 @@ metadata: categories: OpenShift Optional, Logging & Tracing certified: "false" containerImage: quay.io/openshift-logging/loki-operator:0.1.0 - createdAt: "2024-03-07T12:56:40Z" + createdAt: "2024-03-08T10:05:34Z" description: | The Loki Operator for OCP provides a means for configuring and managing a Loki stack for cluster logging. ## Prerequisites and Requirements diff --git a/operator/config/overlays/openshift/kustomization.yaml b/operator/config/overlays/openshift/kustomization.yaml index 9a74cbddba342..246a4e98bc7bc 100644 --- a/operator/config/overlays/openshift/kustomization.yaml +++ b/operator/config/overlays/openshift/kustomization.yaml @@ -4,6 +4,7 @@ resources: - ../../manager - ../../webhook - ../../prometheus +- manager_metrics_configmap_ca.yaml # Adds namespace to all resources. namespace: openshift-operators-redhat diff --git a/operator/config/overlays/openshift/manager_metrics_configmap_ca.yaml b/operator/config/overlays/openshift/manager_metrics_configmap_ca.yaml new file mode 100644 index 0000000000000..45ad7419c3090 --- /dev/null +++ b/operator/config/overlays/openshift/manager_metrics_configmap_ca.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + annotations: + service.beta.openshift.io/inject-cabundle: true + labels: + name: controller-manager-metrics-ca diff --git a/operator/config/overlays/openshift/prometheus_service_monitor_patch.yaml b/operator/config/overlays/openshift/prometheus_service_monitor_patch.yaml index 35c522749b6dc..a3396af1bae38 100644 --- a/operator/config/overlays/openshift/prometheus_service_monitor_patch.yaml +++ b/operator/config/overlays/openshift/prometheus_service_monitor_patch.yaml 
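Review bot: In the new `manager_metrics_configmap_ca.yaml`, the `service.beta.openshift.io/inject-cabundle` annotation value is the bare scalar `true`, which YAML parses as a boolean, whereas Kubernetes annotation values must be strings. The bundle copies of this ConfigMap in the same patch carry `"true"`, so quote it here as well: `service.beta.openshift.io/inject-cabundle: "true"`. That way the manifest does not rely on the build tooling to coerce the type. The empty `labels:` key parses as null and can be dropped or written as `labels: {}`. The ServiceMonitor's `tlsConfig.ca` in this patch reads `service-ca.crt` from this ConfigMap, so an object that is rejected or left un-annotated would presumably leave the scrape without a trust anchor.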
@@ -6,12 +6,21 @@ metadata: name: metrics-monitor spec: endpoints: - - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token - path: /metrics + - path: /metrics targetPort: 8443 scheme: https interval: 30s scrapeTimeout: 10s tlsConfig: - caFile: /etc/prometheus/configmaps/serving-certs-ca-bundle/service-ca.crt + ca: + configMap: + key: service-ca.crt + name: loki-operator-controller-manager-metrics-ca + cert: + secret: + key: tls.crt + name: loki-operator-controller-manager-metrics-service + keySecret: + key: tls.key + name: loki-operator-controller-manager-metrics-service serverName: loki-operator-controller-manager-metrics-service.openshift-operators-redhat.svc From 5f028217b37586324f09e718a816297aaaf9ecb1 Mon Sep 17 00:00:00 2001 From: Periklis Tsirakidis Date: Mon, 11 Mar 2024 10:16:15 +0100 Subject: [PATCH 02/12] Fix servicemonitor secret references --- .../manifests/loki-operator.clusterserviceversion.yaml | 2 +- .../manifests/loki-operator.clusterserviceversion.yaml | 2 +- ...trics-monitor_monitoring.coreos.com_v1_servicemonitor.yaml | 4 ++-- .../manifests/loki-operator.clusterserviceversion.yaml | 2 +- .../overlays/openshift/prometheus_service_monitor_patch.yaml | 4 ++-- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/operator/bundle/community-openshift/manifests/loki-operator.clusterserviceversion.yaml b/operator/bundle/community-openshift/manifests/loki-operator.clusterserviceversion.yaml index 88fa854542e1c..8e3ad6ec3a01e 100644 --- a/operator/bundle/community-openshift/manifests/loki-operator.clusterserviceversion.yaml +++ b/operator/bundle/community-openshift/manifests/loki-operator.clusterserviceversion.yaml 
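Review bot: The `cert` and `keySecret` references under `tlsConfig` both name `loki-operator-controller-manager-metrics-service`, which matches the Service name in `serverName` and so looks like the endpoint's own serving-certificate Secret rather than a credential issued for the scraper. If that reading is right, Prometheus is handed the server's private key and presents the server's identity as its client certificate. That widens exposure of the key and gives the metrics endpoint no distinct client identity to authorize. The same lines are in the bundle ServiceMonitor in this patch; PATCH 02/12 only renames the Secret and PATCH 03/12 drops the client certificate in favour of `authorization`. If mTLS returns, a comment above `cert:` such as `# client cert: use a Secret issued for the scraper, not the Service's serving cert` would record the intent.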
@@ -150,7 +150,7 @@ metadata: categories: OpenShift Optional, Logging & Tracing certified: "false" containerImage: docker.io/grafana/loki-operator:0.5.0 - createdAt: "2024-03-08T10:05:32Z" + createdAt: "2024-03-11T09:15:46Z" description: The Community Loki Operator provides Kubernetes native deployment and management of Loki and related logging components. features.operators.openshift.io/disconnected: "true" diff --git a/operator/bundle/community/manifests/loki-operator.clusterserviceversion.yaml b/operator/bundle/community/manifests/loki-operator.clusterserviceversion.yaml index b79adac6e9095..3276b99725aa8 100644 --- a/operator/bundle/community/manifests/loki-operator.clusterserviceversion.yaml +++ b/operator/bundle/community/manifests/loki-operator.clusterserviceversion.yaml @@ -150,7 +150,7 @@ metadata: categories: OpenShift Optional, Logging & Tracing certified: "false" containerImage: docker.io/grafana/loki-operator:0.5.0 - createdAt: "2024-03-08T10:05:31Z" + createdAt: "2024-03-11T09:15:44Z" description: The Community Loki Operator provides Kubernetes native deployment and management of Loki and related logging components. operators.operatorframework.io/builder: operator-sdk-unknown diff --git a/operator/bundle/openshift/manifests/loki-operator-metrics-monitor_monitoring.coreos.com_v1_servicemonitor.yaml b/operator/bundle/openshift/manifests/loki-operator-metrics-monitor_monitoring.coreos.com_v1_servicemonitor.yaml index 3c1c20237b6a0..5768ee49d1429 100644 --- a/operator/bundle/openshift/manifests/loki-operator-metrics-monitor_monitoring.coreos.com_v1_servicemonitor.yaml +++ b/operator/bundle/openshift/manifests/loki-operator-metrics-monitor_monitoring.coreos.com_v1_servicemonitor.yaml 
@@ -24,10 +24,10 @@ spec: cert: secret: key: tls.crt - name: loki-operator-controller-manager-metrics-service + name: loki-operator-metrics keySecret: key: tls.key - name: loki-operator-controller-manager-metrics-service + name: loki-operator-metrics serverName: loki-operator-controller-manager-metrics-service.openshift-operators-redhat.svc selector: matchLabels: diff --git a/operator/bundle/openshift/manifests/loki-operator.clusterserviceversion.yaml b/operator/bundle/openshift/manifests/loki-operator.clusterserviceversion.yaml index 62a13058df341..9b284424b5135 100644 --- a/operator/bundle/openshift/manifests/loki-operator.clusterserviceversion.yaml +++ b/operator/bundle/openshift/manifests/loki-operator.clusterserviceversion.yaml @@ -150,7 +150,7 @@ metadata: categories: OpenShift Optional, Logging & Tracing certified: "false" containerImage: quay.io/openshift-logging/loki-operator:0.1.0 - createdAt: "2024-03-08T10:05:34Z" + createdAt: "2024-03-11T09:15:47Z" description: | The Loki Operator for OCP provides a means for configuring and managing a Loki stack for cluster logging. ## Prerequisites and Requirements diff --git a/operator/config/overlays/openshift/prometheus_service_monitor_patch.yaml b/operator/config/overlays/openshift/prometheus_service_monitor_patch.yaml index a3396af1bae38..042a25ab6d93a 100644 --- a/operator/config/overlays/openshift/prometheus_service_monitor_patch.yaml +++ b/operator/config/overlays/openshift/prometheus_service_monitor_patch.yaml @@ -19,8 +19,8 @@ spec: cert: secret: key: tls.crt - name: loki-operator-controller-manager-metrics-service + name: loki-operator-metrics keySecret: key: tls.key - name: loki-operator-controller-manager-metrics-service + name: loki-operator-metrics serverName: loki-operator-controller-manager-metrics-service.openshift-operators-redhat.svc From 4a065a4da92bbe27effe25fed2e1f8cbb535e2fd Mon Sep 17 00:00:00 2001 
From: Periklis Tsirakidis Date: Mon, 11 Mar 2024 10:59:24 +0100 Subject: [PATCH 03/12] Switch from mTLS to bearer token authentication --- ...controller-manager-metrics-token_v1_secret.yaml | 13 +++++++++++++ .../loki-operator.clusterserviceversion.yaml | 7 ++++--- .../loki-operator.clusterserviceversion.yaml | 7 ++++--- ...controller-manager-metrics-token_v1_secret.yaml | 13 +++++++++++++ ...or_monitoring.coreos.com_v1_servicemonitor.yaml | 14 ++++++-------- .../loki-operator.clusterserviceversion.yaml | 7 ++++--- operator/config/manager/manager.yaml | 1 + .../config/overlays/openshift/kustomization.yaml | 1 + .../openshift/manager_metrics_secret_token.yaml | 7 +++++++ .../prometheus_service_monitor_patch.yaml | 12 +++++------- operator/config/rbac/auth_proxy_role_binding.yaml | 2 +- operator/config/rbac/kustomization.yaml | 1 + .../config/rbac/leader_election_role_binding.yaml | 2 +- operator/config/rbac/role_binding.yaml | 2 +- operator/config/rbac/serviceaccount.yaml | 5 +++++ 15 files changed, 67 insertions(+), 27 deletions(-) create mode 100644 operator/bundle/community-openshift/manifests/loki-operator-controller-manager-metrics-token_v1_secret.yaml create mode 100644 operator/bundle/openshift/manifests/loki-operator-controller-manager-metrics-token_v1_secret.yaml create mode 100644 operator/config/overlays/openshift/manager_metrics_secret_token.yaml create mode 100644 operator/config/rbac/serviceaccount.yaml diff --git a/operator/bundle/community-openshift/manifests/loki-operator-controller-manager-metrics-token_v1_secret.yaml b/operator/bundle/community-openshift/manifests/loki-operator-controller-manager-metrics-token_v1_secret.yaml new file mode 100644 index 0000000000000..b912a9c8406d6 --- /dev/null +++ b/operator/bundle/community-openshift/manifests/loki-operator-controller-manager-metrics-token_v1_secret.yaml 
@@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Secret +metadata: + annotations: + kubernetes.io/service-account.name: loki-operator-controller-manager + labels: + app.kubernetes.io/instance: loki-operator-v0.5.0 + app.kubernetes.io/managed-by: operator-lifecycle-manager + app.kubernetes.io/name: loki-operator + app.kubernetes.io/part-of: loki-operator + app.kubernetes.io/version: 0.5.0 + name: loki-operator-controller-manager-metrics-token +type: kubernetes.io/service-account-token diff --git a/operator/bundle/community-openshift/manifests/loki-operator.clusterserviceversion.yaml b/operator/bundle/community-openshift/manifests/loki-operator.clusterserviceversion.yaml index 8e3ad6ec3a01e..0afd08290fdad 100644 --- a/operator/bundle/community-openshift/manifests/loki-operator.clusterserviceversion.yaml +++ b/operator/bundle/community-openshift/manifests/loki-operator.clusterserviceversion.yaml @@ -150,7 +150,7 @@ metadata: categories: OpenShift Optional, Logging & Tracing certified: "false" containerImage: docker.io/grafana/loki-operator:0.5.0 - createdAt: "2024-03-11T09:15:46Z" + createdAt: "2024-03-11T10:13:36Z" description: The Community Loki Operator provides Kubernetes native deployment and management of Loki and related logging components. features.operators.openshift.io/disconnected: "true" @@ -1678,7 +1678,7 @@ spec: - subjectaccessreviews verbs: - create - serviceAccountName: default + serviceAccountName: loki-operator-controller-manager deployments: - label: app.kubernetes.io/instance: loki-operator-v0.5.0 @@ -1779,6 +1779,7 @@ spec: runAsNonRoot: true seccompProfile: type: RuntimeDefault + serviceAccountName: loki-operator-controller-manager terminationGracePeriodSeconds: 10 volumes: - configMap: @@ -1812,7 +1813,7 @@ spec: verbs: - create - patch - serviceAccountName: default + serviceAccountName: loki-operator-controller-manager strategy: deployment installModes: - supported: false 
diff --git a/operator/bundle/community/manifests/loki-operator.clusterserviceversion.yaml b/operator/bundle/community/manifests/loki-operator.clusterserviceversion.yaml index 3276b99725aa8..ec297372b5592 100644 --- a/operator/bundle/community/manifests/loki-operator.clusterserviceversion.yaml +++ b/operator/bundle/community/manifests/loki-operator.clusterserviceversion.yaml @@ -150,7 +150,7 @@ metadata: categories: OpenShift Optional, Logging & Tracing certified: "false" containerImage: docker.io/grafana/loki-operator:0.5.0 - createdAt: "2024-03-11T09:15:44Z" + createdAt: "2024-03-11T10:13:34Z" description: The Community Loki Operator provides Kubernetes native deployment and management of Loki and related logging components. operators.operatorframework.io/builder: operator-sdk-unknown @@ -1658,7 +1658,7 @@ spec: - subjectaccessreviews verbs: - create - serviceAccountName: default + serviceAccountName: loki-operator-controller-manager deployments: - label: app.kubernetes.io/instance: loki-operator-v0.5.0 @@ -1748,6 +1748,7 @@ spec: kubernetes.io/os: linux securityContext: runAsNonRoot: true + serviceAccountName: loki-operator-controller-manager terminationGracePeriodSeconds: 10 volumes: - name: webhook-cert @@ -1780,7 +1781,7 @@ spec: verbs: - create - patch - serviceAccountName: default + serviceAccountName: loki-operator-controller-manager strategy: deployment installModes: - supported: false diff --git a/operator/bundle/openshift/manifests/loki-operator-controller-manager-metrics-token_v1_secret.yaml b/operator/bundle/openshift/manifests/loki-operator-controller-manager-metrics-token_v1_secret.yaml new file mode 100644 index 0000000000000..8fa6e8a7d2881 --- /dev/null +++ b/operator/bundle/openshift/manifests/loki-operator-controller-manager-metrics-token_v1_secret.yaml 
@@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Secret +metadata: + annotations: + kubernetes.io/service-account.name: loki-operator-controller-manager + labels: + app.kubernetes.io/instance: loki-operator-0.1.0 + app.kubernetes.io/managed-by: operator-lifecycle-manager + app.kubernetes.io/name: loki-operator + app.kubernetes.io/part-of: cluster-logging + app.kubernetes.io/version: 0.1.0 + name: loki-operator-controller-manager-metrics-token +type: kubernetes.io/service-account-token diff --git a/operator/bundle/openshift/manifests/loki-operator-metrics-monitor_monitoring.coreos.com_v1_servicemonitor.yaml b/operator/bundle/openshift/manifests/loki-operator-metrics-monitor_monitoring.coreos.com_v1_servicemonitor.yaml index 5768ee49d1429..61016de323ece 100644 --- a/operator/bundle/openshift/manifests/loki-operator-metrics-monitor_monitoring.coreos.com_v1_servicemonitor.yaml +++ b/operator/bundle/openshift/manifests/loki-operator-metrics-monitor_monitoring.coreos.com_v1_servicemonitor.yaml @@ -11,7 +11,12 @@ metadata: name: loki-operator-metrics-monitor spec: endpoints: - - interval: 30s + - authorization: + credentials: + key: token + name: loki-operator-controller-manager-metrics-token + type: bearer + interval: 30s path: /metrics scheme: https scrapeTimeout: 10s @@ -21,13 +26,6 @@ spec: configMap: key: service-ca.crt name: loki-operator-controller-manager-metrics-ca - cert: - secret: - key: tls.crt - name: loki-operator-metrics - keySecret: - key: tls.key - name: loki-operator-metrics serverName: loki-operator-controller-manager-metrics-service.openshift-operators-redhat.svc selector: matchLabels: diff --git a/operator/bundle/openshift/manifests/loki-operator.clusterserviceversion.yaml b/operator/bundle/openshift/manifests/loki-operator.clusterserviceversion.yaml index 9b284424b5135..0bd7b628bdea9 100644 --- a/operator/bundle/openshift/manifests/loki-operator.clusterserviceversion.yaml +++ b/operator/bundle/openshift/manifests/loki-operator.clusterserviceversion.yaml 
@@ -150,7 +150,7 @@ metadata: categories: OpenShift Optional, Logging & Tracing certified: "false" containerImage: quay.io/openshift-logging/loki-operator:0.1.0 - createdAt: "2024-03-11T09:15:47Z" + createdAt: "2024-03-11T10:13:39Z" description: | The Loki Operator for OCP provides a means for configuring and managing a Loki stack for cluster logging. ## Prerequisites and Requirements @@ -1663,7 +1663,7 @@ spec: - subjectaccessreviews verbs: - create - serviceAccountName: default + serviceAccountName: loki-operator-controller-manager deployments: - label: app.kubernetes.io/instance: loki-operator-0.1.0 @@ -1764,6 +1764,7 @@ spec: runAsNonRoot: true seccompProfile: type: RuntimeDefault + serviceAccountName: loki-operator-controller-manager terminationGracePeriodSeconds: 10 volumes: - configMap: @@ -1797,7 +1798,7 @@ spec: verbs: - create - patch - serviceAccountName: default + serviceAccountName: loki-operator-controller-manager strategy: deployment installModes: - supported: false diff --git a/operator/config/manager/manager.yaml b/operator/config/manager/manager.yaml index 3b617b00b1c41..fe6a940c38857 100644 --- a/operator/config/manager/manager.yaml +++ b/operator/config/manager/manager.yaml @@ -39,4 +39,5 @@ spec: periodSeconds: 10 nodeSelector: kubernetes.io/os: linux + serviceAccountName: controller-manager terminationGracePeriodSeconds: 10 diff --git a/operator/config/overlays/openshift/kustomization.yaml b/operator/config/overlays/openshift/kustomization.yaml index 246a4e98bc7bc..b6072ed7e5af9 100644 --- a/operator/config/overlays/openshift/kustomization.yaml +++ b/operator/config/overlays/openshift/kustomization.yaml @@ -4,6 +4,7 @@ resources: - ../../manager - ../../webhook - ../../prometheus +- manager_metrics_secret_token.yaml - manager_metrics_configmap_ca.yaml # Adds namespace to all resources. 
diff --git a/operator/config/overlays/openshift/manager_metrics_secret_token.yaml b/operator/config/overlays/openshift/manager_metrics_secret_token.yaml new file mode 100644 index 0000000000000..83d4fefa23b5c --- /dev/null +++ b/operator/config/overlays/openshift/manager_metrics_secret_token.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: Secret +metadata: + name: controller-manager-metrics-token + annotations: + kubernetes.io/service-account.name: loki-operator-controller-manager +type: kubernetes.io/service-account-token diff --git a/operator/config/overlays/openshift/prometheus_service_monitor_patch.yaml b/operator/config/overlays/openshift/prometheus_service_monitor_patch.yaml index 042a25ab6d93a..2aa5ea8f836a9 100644 --- a/operator/config/overlays/openshift/prometheus_service_monitor_patch.yaml +++ b/operator/config/overlays/openshift/prometheus_service_monitor_patch.yaml @@ -11,16 +11,14 @@ spec: scheme: https interval: 30s scrapeTimeout: 10s + authorization: + type: bearer + credentials: + key: token + name: loki-operator-controller-manager-metrics-token tlsConfig: ca: configMap: key: service-ca.crt name: loki-operator-controller-manager-metrics-ca - cert: - secret: - key: tls.crt - name: loki-operator-metrics - keySecret: - key: tls.key - name: loki-operator-metrics serverName: loki-operator-controller-manager-metrics-service.openshift-operators-redhat.svc diff --git a/operator/config/rbac/auth_proxy_role_binding.yaml b/operator/config/rbac/auth_proxy_role_binding.yaml index 48ed1e4b85c42..ec7acc0a1b79c 100644 --- a/operator/config/rbac/auth_proxy_role_binding.yaml +++ b/operator/config/rbac/auth_proxy_role_binding.yaml @@ -8,5 +8,5 @@ roleRef: name: proxy-role subjects: - kind: ServiceAccount - name: default + name: controller-manager namespace: system diff --git a/operator/config/rbac/kustomization.yaml b/operator/config/rbac/kustomization.yaml index b48c43c1690bf..48bbdd4cb7443 100644 --- a/operator/config/rbac/kustomization.yaml 
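Review bot: `manager_metrics_secret_token.yaml` requests a `kubernetes.io/service-account-token` Secret for `loki-operator-controller-manager`, the operator's own account. That appears to be the prefixed name of the `controller-manager` account this patch binds to `proxy-role`, `leader-election-role` and `lokistack-manager` under `config/rbac`. Tokens held in this Secret type do not expire, so any reader of Secrets in the namespace, including the scraper that receives it through `authorization.credentials`, would hold a standing credential with the operator's permissions. Point the annotation at a dedicated read-only account instead, `kubernetes.io/service-account.name: loki-operator-controller-manager-metrics-reader`. PATCH 04/12 does this for the bundle copies and lists this file in its diffstat, but that hunk is not visible here.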
+++ b/operator/config/rbac/kustomization.yaml @@ -9,3 +9,4 @@ resources: - auth_proxy_client_clusterrole.yaml - prometheus_role.yaml - prometheus_role_binding.yaml +- serviceaccount.yaml diff --git a/operator/config/rbac/leader_election_role_binding.yaml b/operator/config/rbac/leader_election_role_binding.yaml index eed16906f4dcb..1d1321ed4f020 100644 --- a/operator/config/rbac/leader_election_role_binding.yaml +++ b/operator/config/rbac/leader_election_role_binding.yaml @@ -8,5 +8,5 @@ roleRef: name: leader-election-role subjects: - kind: ServiceAccount - name: default + name: controller-manager namespace: system diff --git a/operator/config/rbac/role_binding.yaml b/operator/config/rbac/role_binding.yaml index e97e9b5e1e83b..93d27e99a43e8 100644 --- a/operator/config/rbac/role_binding.yaml +++ b/operator/config/rbac/role_binding.yaml @@ -8,5 +8,5 @@ roleRef: name: lokistack-manager subjects: - kind: ServiceAccount - name: default + name: controller-manager namespace: system diff --git a/operator/config/rbac/serviceaccount.yaml b/operator/config/rbac/serviceaccount.yaml new file mode 100644 index 0000000000000..7cd6025bfc4af --- /dev/null +++ b/operator/config/rbac/serviceaccount.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: controller-manager + namespace: system From e9c9c3f2c094ff50a46f16c6a7f0440122d670fa Mon Sep 17 00:00:00 2001 
From: Periklis Tsirakidis Date: Tue, 12 Mar 2024 10:01:33 +0100 Subject: [PATCH 04/12] Add metrics reader sa and rbac --- ...ager-metrics-reader_v1_serviceaccount.yaml | 11 +++++++++++ ...oller-manager-metrics-token_v1_secret.yaml | 2 +- ...c.authorization.k8s.io_v1_rolebinding.yaml | 19 +++++++++++++++++++ .../loki-operator.clusterserviceversion.yaml | 2 +- ...ager-metrics-reader_v1_serviceaccount.yaml | 11 +++++++++++ ...c.authorization.k8s.io_v1_rolebinding.yaml | 19 +++++++++++++++++++ .../loki-operator.clusterserviceversion.yaml | 2 +- ...ager-metrics-reader_v1_serviceaccount.yaml | 11 +++++++++++ ...oller-manager-metrics-token_v1_secret.yaml | 2 +- ...c.authorization.k8s.io_v1_rolebinding.yaml | 19 +++++++++++++++++++ .../loki-operator.clusterserviceversion.yaml | 2 +- .../manager_metrics_secret_token.yaml | 2 +- .../rbac/auth_proxy_client_rolebinding.yaml | 12 ++++++++++++ .../auth_proxy_client_serviceaccount.yaml | 5 +++++ operator/config/rbac/kustomization.yaml | 2 ++ 15 files changed, 115 insertions(+), 6 deletions(-) create mode 100644 operator/bundle/community-openshift/manifests/loki-operator-controller-manager-metrics-reader_v1_serviceaccount.yaml create mode 100644 operator/bundle/community-openshift/manifests/loki-operator-controller-manager-read-metrics_rbac.authorization.k8s.io_v1_rolebinding.yaml create mode 100644 operator/bundle/community/manifests/loki-operator-controller-manager-metrics-reader_v1_serviceaccount.yaml create mode 100644 operator/bundle/community/manifests/loki-operator-controller-manager-read-metrics_rbac.authorization.k8s.io_v1_rolebinding.yaml create mode 100644 operator/bundle/openshift/manifests/loki-operator-controller-manager-metrics-reader_v1_serviceaccount.yaml create mode 100644 operator/bundle/openshift/manifests/loki-operator-controller-manager-read-metrics_rbac.authorization.k8s.io_v1_rolebinding.yaml create mode 100644 operator/config/rbac/auth_proxy_client_rolebinding.yaml create mode 100644 
operator/config/rbac/auth_proxy_client_serviceaccount.yaml diff --git a/operator/bundle/community-openshift/manifests/loki-operator-controller-manager-metrics-reader_v1_serviceaccount.yaml b/operator/bundle/community-openshift/manifests/loki-operator-controller-manager-metrics-reader_v1_serviceaccount.yaml new file mode 100644 index 0000000000000..9c9303fdc7104 --- /dev/null +++ b/operator/bundle/community-openshift/manifests/loki-operator-controller-manager-metrics-reader_v1_serviceaccount.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + creationTimestamp: null + labels: + app.kubernetes.io/instance: loki-operator-v0.5.0 + app.kubernetes.io/managed-by: operator-lifecycle-manager + app.kubernetes.io/name: loki-operator + app.kubernetes.io/part-of: loki-operator + app.kubernetes.io/version: 0.5.0 + name: loki-operator-controller-manager-metrics-reader diff --git a/operator/bundle/community-openshift/manifests/loki-operator-controller-manager-metrics-token_v1_secret.yaml b/operator/bundle/community-openshift/manifests/loki-operator-controller-manager-metrics-token_v1_secret.yaml index b912a9c8406d6..9cae4a32e437f 100644 --- a/operator/bundle/community-openshift/manifests/loki-operator-controller-manager-metrics-token_v1_secret.yaml +++ b/operator/bundle/community-openshift/manifests/loki-operator-controller-manager-metrics-token_v1_secret.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Secret metadata: annotations: - kubernetes.io/service-account.name: loki-operator-controller-manager + kubernetes.io/service-account.name: loki-operator-controller-manager-metrics-reader labels: app.kubernetes.io/instance: loki-operator-v0.5.0 app.kubernetes.io/managed-by: operator-lifecycle-manager 
diff --git a/operator/bundle/community-openshift/manifests/loki-operator-controller-manager-read-metrics_rbac.authorization.k8s.io_v1_rolebinding.yaml b/operator/bundle/community-openshift/manifests/loki-operator-controller-manager-read-metrics_rbac.authorization.k8s.io_v1_rolebinding.yaml new file mode 100644 index 0000000000000..f7e2c2e873743 --- /dev/null +++ b/operator/bundle/community-openshift/manifests/loki-operator-controller-manager-read-metrics_rbac.authorization.k8s.io_v1_rolebinding.yaml @@ -0,0 +1,19 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + creationTimestamp: null + labels: + app.kubernetes.io/instance: loki-operator-v0.5.0 + app.kubernetes.io/managed-by: operator-lifecycle-manager + app.kubernetes.io/name: loki-operator + app.kubernetes.io/part-of: loki-operator + app.kubernetes.io/version: 0.5.0 + name: loki-operator-controller-manager-read-metrics +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: loki-operator-metrics-reader +subjects: +- kind: ServiceAccount + name: loki-operator-controller-manager-metrics-reader + namespace: kubernetes-operators diff --git a/operator/bundle/community-openshift/manifests/loki-operator.clusterserviceversion.yaml b/operator/bundle/community-openshift/manifests/loki-operator.clusterserviceversion.yaml index 0afd08290fdad..efdcd83dd950f 100644 --- a/operator/bundle/community-openshift/manifests/loki-operator.clusterserviceversion.yaml +++ b/operator/bundle/community-openshift/manifests/loki-operator.clusterserviceversion.yaml @@ -150,7 +150,7 @@ metadata: categories: OpenShift Optional, Logging & Tracing certified: "false" containerImage: docker.io/grafana/loki-operator:0.5.0 - createdAt: "2024-03-11T10:13:36Z" + createdAt: "2024-03-12T08:59:53Z" description: The Community Loki Operator provides Kubernetes native deployment and management of Loki and related logging components. features.operators.openshift.io/disconnected: "true" 
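Review bot: `loki-operator-controller-manager-read-metrics` is a namespaced `RoleBinding` to the ClusterRole `loki-operator-metrics-reader`, whose rules are not shown. If that role grants `get` on the `/metrics` non-resource URL, as a metrics-reader role typically does, a RoleBinding does not confer the rule, and the scrape token would presumably be refused by the endpoint's access review. Non-resource URL rules take effect only through a `ClusterRoleBinding`, so the object would need `kind: ClusterRoleBinding`. The subject namespace is also fixed: `kubernetes-operators` here, `loki-operator` and `openshift-operators-redhat` in the community and openshift bundle copies later in this patch. An install into any other namespace would leave the binding naming an account that does not exist there. These bundle files look generated, so the change belongs in `operator/config/rbac/auth_proxy_client_rolebinding.yaml`, which the diffstat lists but whose hunk is not in view.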
diff --git a/operator/bundle/community/manifests/loki-operator-controller-manager-metrics-reader_v1_serviceaccount.yaml b/operator/bundle/community/manifests/loki-operator-controller-manager-metrics-reader_v1_serviceaccount.yaml new file mode 100644 index 0000000000000..9c9303fdc7104 --- /dev/null +++ b/operator/bundle/community/manifests/loki-operator-controller-manager-metrics-reader_v1_serviceaccount.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + creationTimestamp: null + labels: + app.kubernetes.io/instance: loki-operator-v0.5.0 + app.kubernetes.io/managed-by: operator-lifecycle-manager + app.kubernetes.io/name: loki-operator + app.kubernetes.io/part-of: loki-operator + app.kubernetes.io/version: 0.5.0 + name: loki-operator-controller-manager-metrics-reader diff --git a/operator/bundle/community/manifests/loki-operator-controller-manager-read-metrics_rbac.authorization.k8s.io_v1_rolebinding.yaml b/operator/bundle/community/manifests/loki-operator-controller-manager-read-metrics_rbac.authorization.k8s.io_v1_rolebinding.yaml new file mode 100644 index 0000000000000..ccc0c315bbf0c --- /dev/null +++ b/operator/bundle/community/manifests/loki-operator-controller-manager-read-metrics_rbac.authorization.k8s.io_v1_rolebinding.yaml @@ -0,0 +1,19 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + creationTimestamp: null + labels: + app.kubernetes.io/instance: loki-operator-v0.5.0 + app.kubernetes.io/managed-by: operator-lifecycle-manager + app.kubernetes.io/name: loki-operator + app.kubernetes.io/part-of: loki-operator + app.kubernetes.io/version: 0.5.0 + name: loki-operator-controller-manager-read-metrics +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: loki-operator-metrics-reader +subjects: +- kind: ServiceAccount + name: loki-operator-controller-manager-metrics-reader + namespace: loki-operator 
diff --git a/operator/bundle/community/manifests/loki-operator.clusterserviceversion.yaml b/operator/bundle/community/manifests/loki-operator.clusterserviceversion.yaml index ec297372b5592..64f21fa7dd3b8 100644 --- a/operator/bundle/community/manifests/loki-operator.clusterserviceversion.yaml +++ b/operator/bundle/community/manifests/loki-operator.clusterserviceversion.yaml @@ -150,7 +150,7 @@ metadata: categories: OpenShift Optional, Logging & Tracing certified: "false" containerImage: docker.io/grafana/loki-operator:0.5.0 - createdAt: "2024-03-11T10:13:34Z" + createdAt: "2024-03-12T08:59:52Z" description: The Community Loki Operator provides Kubernetes native deployment and management of Loki and related logging components. operators.operatorframework.io/builder: operator-sdk-unknown diff --git a/operator/bundle/openshift/manifests/loki-operator-controller-manager-metrics-reader_v1_serviceaccount.yaml b/operator/bundle/openshift/manifests/loki-operator-controller-manager-metrics-reader_v1_serviceaccount.yaml new file mode 100644 index 0000000000000..7a2ab31a78a4d --- /dev/null +++ b/operator/bundle/openshift/manifests/loki-operator-controller-manager-metrics-reader_v1_serviceaccount.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + creationTimestamp: null + labels: + app.kubernetes.io/instance: loki-operator-0.1.0 + app.kubernetes.io/managed-by: operator-lifecycle-manager + app.kubernetes.io/name: loki-operator + app.kubernetes.io/part-of: cluster-logging + app.kubernetes.io/version: 0.1.0 + name: loki-operator-controller-manager-metrics-reader diff --git a/operator/bundle/openshift/manifests/loki-operator-controller-manager-metrics-token_v1_secret.yaml b/operator/bundle/openshift/manifests/loki-operator-controller-manager-metrics-token_v1_secret.yaml index 8fa6e8a7d2881..8abb584b4ea23 100644 --- a/operator/bundle/openshift/manifests/loki-operator-controller-manager-metrics-token_v1_secret.yaml 
+++ b/operator/bundle/openshift/manifests/loki-operator-controller-manager-metrics-token_v1_secret.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: Secret metadata: annotations: - kubernetes.io/service-account.name: loki-operator-controller-manager + kubernetes.io/service-account.name: loki-operator-controller-manager-metrics-reader labels: app.kubernetes.io/instance: loki-operator-0.1.0 app.kubernetes.io/managed-by: operator-lifecycle-manager diff --git a/operator/bundle/openshift/manifests/loki-operator-controller-manager-read-metrics_rbac.authorization.k8s.io_v1_rolebinding.yaml b/operator/bundle/openshift/manifests/loki-operator-controller-manager-read-metrics_rbac.authorization.k8s.io_v1_rolebinding.yaml new file mode 100644 index 0000000000000..1fbcef36a5ad9 --- /dev/null +++ b/operator/bundle/openshift/manifests/loki-operator-controller-manager-read-metrics_rbac.authorization.k8s.io_v1_rolebinding.yaml @@ -0,0 +1,19 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + creationTimestamp: null + labels: + app.kubernetes.io/instance: loki-operator-0.1.0 + app.kubernetes.io/managed-by: operator-lifecycle-manager + app.kubernetes.io/name: loki-operator + app.kubernetes.io/part-of: cluster-logging + app.kubernetes.io/version: 0.1.0 + name: loki-operator-controller-manager-read-metrics +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: loki-operator-metrics-reader +subjects: +- kind: ServiceAccount + name: loki-operator-controller-manager-metrics-reader + namespace: openshift-operators-redhat diff --git a/operator/bundle/openshift/manifests/loki-operator.clusterserviceversion.yaml b/operator/bundle/openshift/manifests/loki-operator.clusterserviceversion.yaml index 0bd7b628bdea9..da558154cf19d 100644 --- a/operator/bundle/openshift/manifests/loki-operator.clusterserviceversion.yaml +++ b/operator/bundle/openshift/manifests/loki-operator.clusterserviceversion.yaml 
@@ -150,7 +150,7 @@ metadata: categories: OpenShift Optional, Logging & Tracing certified: "false" containerImage: quay.io/openshift-logging/loki-operator:0.1.0 - createdAt: "2024-03-11T10:13:39Z" + createdAt: "2024-03-12T08:59:55Z" description: | The Loki Operator for OCP provides a means for configuring and managing a Loki stack for cluster logging. ## Prerequisites and Requirements diff --git a/operator/config/overlays/openshift/manager_metrics_secret_token.yaml b/operator/config/overlays/openshift/manager_metrics_secret_token.yaml index 83d4fefa23b5c..b4847d3a3e488 100644 --- a/operator/config/overlays/openshift/manager_metrics_secret_token.yaml +++ b/operator/config/overlays/openshift/manager_metrics_secret_token.yaml @@ -3,5 +3,5 @@ kind: Secret metadata: name: controller-manager-metrics-token annotations: - kubernetes.io/service-account.name: loki-operator-controller-manager + kubernetes.io/service-account.name: loki-operator-controller-manager-metrics-reader type: kubernetes.io/service-account-token diff --git a/operator/config/rbac/auth_proxy_client_rolebinding.yaml b/operator/config/rbac/auth_proxy_client_rolebinding.yaml new file mode 100644 index 0000000000000..9a5f0ec7b8237 --- /dev/null +++ b/operator/config/rbac/auth_proxy_client_rolebinding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: controller-manager-read-metrics +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: metrics-reader +subjects: +- kind: ServiceAccount + name: controller-manager-metrics-reader + namespace: system diff --git a/operator/config/rbac/auth_proxy_client_serviceaccount.yaml b/operator/config/rbac/auth_proxy_client_serviceaccount.yaml new file mode 100644 index 0000000000000..041ac56b630cf --- /dev/null +++ b/operator/config/rbac/auth_proxy_client_serviceaccount.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: controller-manager-metrics-reader + namespace: system 
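Review bot: The Secret in manager_metrics_secret_token.yaml carries no comment saying that a `kubernetes.io/service-account-token` Secret holds a token with no expiry, which matters more now that it is the scrape credential. Re-pointing the annotation at the metrics-reader account narrows what the token can do, but anyone who can read Secrets in the namespace can still reuse it until the Secret is deleted. I would add a comment above `annotations:` such as `# long-lived token for the metrics-reader ServiceAccount; delete this Secret to revoke and reissue it`. The openshift bundle Secret changed earlier in this patch is the generated copy of the same manifest.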
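Review bot: The new `controller-manager-metrics-reader` ServiceAccount in auth_proxy_client_serviceaccount.yaml leaves token automounting at its default. Nothing in this patch runs a pod under this account; it appears to exist only to back the metrics token Secret, so I would add `automountServiceAccountToken: false` at the top level of the manifest. That stops a workload that is later pointed at this account by mistake from having the credential mounted automatically. The generated community and openshift bundle copies would pick the field up on regeneration.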
diff --git a/operator/config/rbac/kustomization.yaml b/operator/config/rbac/kustomization.yaml index 48bbdd4cb7443..078f03142f87e 100644 --- a/operator/config/rbac/kustomization.yaml +++ b/operator/config/rbac/kustomization.yaml @@ -7,6 +7,8 @@ resources: - auth_proxy_role.yaml - auth_proxy_role_binding.yaml - auth_proxy_client_clusterrole.yaml +- auth_proxy_client_rolebinding.yaml +- auth_proxy_client_serviceaccount.yaml - prometheus_role.yaml - prometheus_role_binding.yaml - serviceaccount.yaml From b38ec707cb2db23fa2809658caaebf00236398ea Mon Sep 17 00:00:00 2001 From: Periklis Tsirakidis Date: Tue, 12 Mar 2024 11:02:03 +0100 Subject: [PATCH 05/12] Elevate auth proxy client rolebinding to clusterrolebinding --- ...lebinding.yaml => auth_proxy_client_clusterrolebinding.yaml} | 2 +- operator/config/rbac/kustomization.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) rename operator/config/rbac/{auth_proxy_client_rolebinding.yaml => auth_proxy_client_clusterrolebinding.yaml} (91%) diff --git a/operator/config/rbac/auth_proxy_client_rolebinding.yaml b/operator/config/rbac/auth_proxy_client_clusterrolebinding.yaml similarity index 91% rename from operator/config/rbac/auth_proxy_client_rolebinding.yaml rename to operator/config/rbac/auth_proxy_client_clusterrolebinding.yaml index 9a5f0ec7b8237..7228087e23edb 100644 --- a/operator/config/rbac/auth_proxy_client_rolebinding.yaml +++ b/operator/config/rbac/auth_proxy_client_clusterrolebinding.yaml @@ -1,5 +1,5 @@ apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: name: controller-manager-read-metrics roleRef: diff --git a/operator/config/rbac/kustomization.yaml b/operator/config/rbac/kustomization.yaml index 078f03142f87e..c8b43e2fe40f6 100644 --- a/operator/config/rbac/kustomization.yaml +++ b/operator/config/rbac/kustomization.yaml 
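Review bot: Changing `kind` to `ClusterRoleBinding` in auth_proxy_client_clusterrolebinding.yaml makes the `metrics-reader` grant cluster-wide, and the file has no comment recording why namespace scope was not enough. The ClusterRole's rules are outside this hunk; if it grants `get` on the `/metrics` non-resource URL, as auth-proxy scaffolding usually does, cluster scope is required, but the token then also passes any other endpoint in the cluster that authorizes `/metrics` through the API server. A comment above `kind:` such as `# cluster scope is needed for the /metrics nonResourceURL rule; treat the token as a cluster-wide metrics credential` would capture that. The bundle renames in patches 06 and 07 make the same change to the generated manifests.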
@@ -7,7 +7,7 @@ resources: - auth_proxy_role.yaml - auth_proxy_role_binding.yaml - auth_proxy_client_clusterrole.yaml -- auth_proxy_client_rolebinding.yaml +- auth_proxy_client_clusterrolebinding.yaml - auth_proxy_client_serviceaccount.yaml - prometheus_role.yaml - prometheus_role_binding.yaml From af453942bd296b2bfeb387601da6b93fbc2de2a1 Mon Sep 17 00:00:00 2001 From: Periklis Tsirakidis Date: Tue, 12 Mar 2024 11:08:02 +0100 Subject: [PATCH 06/12] Cleanup openshift bundle --- ...etrics_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename operator/bundle/openshift/manifests/{loki-operator-controller-manager-read-metrics_rbac.authorization.k8s.io_v1_rolebinding.yaml => loki-operator-controller-manager-read-metrics_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml} (96%) diff --git a/operator/bundle/openshift/manifests/loki-operator-controller-manager-read-metrics_rbac.authorization.k8s.io_v1_rolebinding.yaml b/operator/bundle/openshift/manifests/loki-operator-controller-manager-read-metrics_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml similarity index 96% rename from operator/bundle/openshift/manifests/loki-operator-controller-manager-read-metrics_rbac.authorization.k8s.io_v1_rolebinding.yaml rename to operator/bundle/openshift/manifests/loki-operator-controller-manager-read-metrics_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml index 1fbcef36a5ad9..040591c9f7bb2 100644 --- a/operator/bundle/openshift/manifests/loki-operator-controller-manager-read-metrics_rbac.authorization.k8s.io_v1_rolebinding.yaml +++ b/operator/bundle/openshift/manifests/loki-operator-controller-manager-read-metrics_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml @@ -1,5 +1,5 @@ apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: creationTimestamp: null labels: From c5664dd830186859ec648824fc139249eb60406e Mon Sep 17 00:00:00 2001 
From: Periklis Tsirakidis Date: Tue, 12 Mar 2024 11:16:33 +0100 Subject: [PATCH 07/12] Cleanup bundles --- ...etrics_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml} | 2 +- ...etrics_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml} | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) rename operator/bundle/community-openshift/manifests/{loki-operator-controller-manager-read-metrics_rbac.authorization.k8s.io_v1_rolebinding.yaml => loki-operator-controller-manager-read-metrics_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml} (96%) rename operator/bundle/community/manifests/{loki-operator-controller-manager-read-metrics_rbac.authorization.k8s.io_v1_rolebinding.yaml => loki-operator-controller-manager-read-metrics_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml} (95%) diff --git a/operator/bundle/community-openshift/manifests/loki-operator-controller-manager-read-metrics_rbac.authorization.k8s.io_v1_rolebinding.yaml b/operator/bundle/community-openshift/manifests/loki-operator-controller-manager-read-metrics_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml similarity index 96% rename from operator/bundle/community-openshift/manifests/loki-operator-controller-manager-read-metrics_rbac.authorization.k8s.io_v1_rolebinding.yaml rename to operator/bundle/community-openshift/manifests/loki-operator-controller-manager-read-metrics_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml index f7e2c2e873743..b966e06579099 100644 --- a/operator/bundle/community-openshift/manifests/loki-operator-controller-manager-read-metrics_rbac.authorization.k8s.io_v1_rolebinding.yaml +++ b/operator/bundle/community-openshift/manifests/loki-operator-controller-manager-read-metrics_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml @@ -1,5 +1,5 @@ apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: creationTimestamp: null labels: 
diff --git a/operator/bundle/community/manifests/loki-operator-controller-manager-read-metrics_rbac.authorization.k8s.io_v1_rolebinding.yaml b/operator/bundle/community/manifests/loki-operator-controller-manager-read-metrics_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml similarity index 95% rename from operator/bundle/community/manifests/loki-operator-controller-manager-read-metrics_rbac.authorization.k8s.io_v1_rolebinding.yaml rename to operator/bundle/community/manifests/loki-operator-controller-manager-read-metrics_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml index ccc0c315bbf0c..5566aa3280695 100644 --- a/operator/bundle/community/manifests/loki-operator-controller-manager-read-metrics_rbac.authorization.k8s.io_v1_rolebinding.yaml +++ b/operator/bundle/community/manifests/loki-operator-controller-manager-read-metrics_rbac.authorization.k8s.io_v1_clusterrolebinding.yaml @@ -1,5 +1,5 @@ apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: creationTimestamp: null labels: From fe054c5e2efc336bb17f3e1ae565cbe7bb756386 Mon Sep 17 00:00:00 2001 From: Periklis Tsirakidis Date: Tue, 12 Mar 2024 11:36:24 +0100 Subject: [PATCH 08/12] Add changelog entry --- operator/CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/operator/CHANGELOG.md b/operator/CHANGELOG.md index f10317f2d921d..601b6156f3932 100644 --- a/operator/CHANGELOG.md +++ b/operator/CHANGELOG.md @@ -1,5 +1,6 @@ ## Main +- [12164](https://github.com/grafana/loki/pull/12164) **periklis**: Use safe bearer token authentication to scrape operator metrics - [12157](https://github.com/grafana/loki/pull/12157) **periklis**: Fix managed auth features annotation for community-openshift bundle - [12104](https://github.com/grafana/loki/pull/12104) **periklis**: Upgrade build and runtime dependencies - [11928](https://github.com/grafana/loki/pull/11928) **periklis**: Fix remote write client timeout config rename 
From 3998ef1a0ff1d88cd32fd3fe40c235cf832f8461 Mon Sep 17 00:00:00 2001 From: Periklis Tsirakidis Date: Tue, 12 Mar 2024 20:19:27 +0100 Subject: [PATCH 09/12] Apply suggestions from code review --- ...troller-manager-metrics-ca_v1_configmap.yaml | 12 ------------ ...monitoring.coreos.com_v1_servicemonitor.yaml | 15 +++++++++++---- .../loki-operator.clusterserviceversion.yaml | 2 +- .../loki-operator.clusterserviceversion.yaml | 2 +- ...troller-manager-metrics-ca_v1_configmap.yaml | 12 ------------ ...monitoring.coreos.com_v1_servicemonitor.yaml | 6 +++--- .../loki-operator.clusterserviceversion.yaml | 2 +- .../prometheus_service_monitor_patch.yaml | 17 ++++++++++++----- .../prometheus_service_monitor_patch.yaml | 2 +- .../overlays/openshift/kustomization.yaml | 1 - .../openshift/manager_metrics_configmap_ca.yaml | 7 ------- .../prometheus_service_monitor_patch.yaml | 6 +++--- 12 files changed, 33 insertions(+), 51 deletions(-) delete mode 100644 operator/bundle/community-openshift/manifests/loki-operator-controller-manager-metrics-ca_v1_configmap.yaml delete mode 100644 operator/bundle/openshift/manifests/loki-operator-controller-manager-metrics-ca_v1_configmap.yaml delete mode 100644 operator/config/overlays/openshift/manager_metrics_configmap_ca.yaml diff --git a/operator/bundle/community-openshift/manifests/loki-operator-controller-manager-metrics-ca_v1_configmap.yaml b/operator/bundle/community-openshift/manifests/loki-operator-controller-manager-metrics-ca_v1_configmap.yaml deleted file mode 100644 index 549a2b71e60da..0000000000000 --- a/operator/bundle/community-openshift/manifests/loki-operator-controller-manager-metrics-ca_v1_configmap.yaml +++ /dev/null 
@@ -1,12 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - annotations: - service.beta.openshift.io/inject-cabundle: "true" - labels: - app.kubernetes.io/instance: loki-operator-v0.5.0 - app.kubernetes.io/managed-by: operator-lifecycle-manager - app.kubernetes.io/name: loki-operator - app.kubernetes.io/part-of: loki-operator - app.kubernetes.io/version: 0.5.0 - name: loki-operator-controller-manager-metrics-ca diff --git a/operator/bundle/community-openshift/manifests/loki-operator-metrics-monitor_monitoring.coreos.com_v1_servicemonitor.yaml b/operator/bundle/community-openshift/manifests/loki-operator-metrics-monitor_monitoring.coreos.com_v1_servicemonitor.yaml index 7f5c401e1c073..8f608044bfd01 100644 --- a/operator/bundle/community-openshift/manifests/loki-operator-metrics-monitor_monitoring.coreos.com_v1_servicemonitor.yaml +++ b/operator/bundle/community-openshift/manifests/loki-operator-metrics-monitor_monitoring.coreos.com_v1_servicemonitor.yaml @@ -11,15 +11,22 @@ metadata: name: loki-operator-metrics-monitor spec: endpoints: - - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + - authorization: + credentials: + key: token + name: loki-operator-controller-manager-metrics-token + type: bearer interval: 30s path: /metrics + port: "8443" scheme: https scrapeTimeout: 10s - targetPort: 8443 tlsConfig: - caFile: /etc/prometheus/configmaps/serving-certs-ca-bundle/service-ca.crt - serverName: loki-operator-controller-manager-metrics-service.kubernetes-operators.svc + ca: + secret: + key: service-ca.crt + name: loki-operator-controller-manager-metrics-token + serverName: loki-operator-controller-manager-metrics-service.openshift-operators-redhat.svc selector: matchLabels: app.kubernetes.io/name: loki-operator diff --git a/operator/bundle/community-openshift/manifests/loki-operator.clusterserviceversion.yaml b/operator/bundle/community-openshift/manifests/loki-operator.clusterserviceversion.yaml index b3abb75482ca0..0d2890cb4704a 100644 
--- a/operator/bundle/community-openshift/manifests/loki-operator.clusterserviceversion.yaml +++ b/operator/bundle/community-openshift/manifests/loki-operator.clusterserviceversion.yaml @@ -150,7 +150,7 @@ metadata: categories: OpenShift Optional, Logging & Tracing certified: "false" containerImage: docker.io/grafana/loki-operator:0.5.0 - createdAt: "2024-03-12T08:59:53Z" + createdAt: "2024-03-12T19:34:53Z" description: The Community Loki Operator provides Kubernetes native deployment and management of Loki and related logging components. features.operators.openshift.io/disconnected: "true" diff --git a/operator/bundle/community/manifests/loki-operator.clusterserviceversion.yaml b/operator/bundle/community/manifests/loki-operator.clusterserviceversion.yaml index 64f21fa7dd3b8..c55f64ea881b7 100644 --- a/operator/bundle/community/manifests/loki-operator.clusterserviceversion.yaml +++ b/operator/bundle/community/manifests/loki-operator.clusterserviceversion.yaml @@ -150,7 +150,7 @@ metadata: categories: OpenShift Optional, Logging & Tracing certified: "false" containerImage: docker.io/grafana/loki-operator:0.5.0 - createdAt: "2024-03-12T08:59:52Z" + createdAt: "2024-03-12T19:34:52Z" description: The Community Loki Operator provides Kubernetes native deployment and management of Loki and related logging components. operators.operatorframework.io/builder: operator-sdk-unknown diff --git a/operator/bundle/openshift/manifests/loki-operator-controller-manager-metrics-ca_v1_configmap.yaml b/operator/bundle/openshift/manifests/loki-operator-controller-manager-metrics-ca_v1_configmap.yaml deleted file mode 100644 index a2d626ac92e4e..0000000000000 --- a/operator/bundle/openshift/manifests/loki-operator-controller-manager-metrics-ca_v1_configmap.yaml +++ /dev/null 
@@ -1,12 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - annotations: - service.beta.openshift.io/inject-cabundle: "true" - labels: - app.kubernetes.io/instance: loki-operator-0.1.0 - app.kubernetes.io/managed-by: operator-lifecycle-manager - app.kubernetes.io/name: loki-operator - app.kubernetes.io/part-of: cluster-logging - app.kubernetes.io/version: 0.1.0 - name: loki-operator-controller-manager-metrics-ca diff --git a/operator/bundle/openshift/manifests/loki-operator-metrics-monitor_monitoring.coreos.com_v1_servicemonitor.yaml b/operator/bundle/openshift/manifests/loki-operator-metrics-monitor_monitoring.coreos.com_v1_servicemonitor.yaml index 61016de323ece..4d33183d97a82 100644 --- a/operator/bundle/openshift/manifests/loki-operator-metrics-monitor_monitoring.coreos.com_v1_servicemonitor.yaml +++ b/operator/bundle/openshift/manifests/loki-operator-metrics-monitor_monitoring.coreos.com_v1_servicemonitor.yaml @@ -18,14 +18,14 @@ spec: type: bearer interval: 30s path: /metrics + port: "8443" scheme: https scrapeTimeout: 10s - targetPort: 8443 tlsConfig: ca: - configMap: + secret: key: service-ca.crt - name: loki-operator-controller-manager-metrics-ca + name: loki-operator-controller-manager-metrics-token serverName: loki-operator-controller-manager-metrics-service.openshift-operators-redhat.svc selector: matchLabels: diff --git a/operator/bundle/openshift/manifests/loki-operator.clusterserviceversion.yaml b/operator/bundle/openshift/manifests/loki-operator.clusterserviceversion.yaml index da558154cf19d..eb714d4e898a2 100644 --- a/operator/bundle/openshift/manifests/loki-operator.clusterserviceversion.yaml +++ b/operator/bundle/openshift/manifests/loki-operator.clusterserviceversion.yaml 
@@ -150,7 +150,7 @@ metadata: categories: OpenShift Optional, Logging & Tracing certified: "false" containerImage: quay.io/openshift-logging/loki-operator:0.1.0 - createdAt: "2024-03-12T08:59:55Z" + createdAt: "2024-03-12T19:34:55Z" description: | The Loki Operator for OCP provides a means for configuring and managing a Loki stack for cluster logging. ## Prerequisites and Requirements diff --git a/operator/config/overlays/community-openshift/prometheus_service_monitor_patch.yaml b/operator/config/overlays/community-openshift/prometheus_service_monitor_patch.yaml index 82f75710f84f6..075be896df6e8 100644 --- a/operator/config/overlays/community-openshift/prometheus_service_monitor_patch.yaml +++ b/operator/config/overlays/community-openshift/prometheus_service_monitor_patch.yaml @@ -6,12 +6,19 @@ metadata: name: metrics-monitor spec: endpoints: - - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token - path: /metrics - targetPort: 8443 + - path: /metrics + port: "8443" scheme: https interval: 30s scrapeTimeout: 10s + authorization: + type: bearer + credentials: + key: token + name: loki-operator-controller-manager-metrics-token tlsConfig: - caFile: /etc/prometheus/configmaps/serving-certs-ca-bundle/service-ca.crt - serverName: loki-operator-controller-manager-metrics-service.kubernetes-operators.svc + ca: + secret: + key: service-ca.crt + name: loki-operator-controller-manager-metrics-token + serverName: loki-operator-controller-manager-metrics-service.openshift-operators-redhat.svc diff --git a/operator/config/overlays/community/prometheus_service_monitor_patch.yaml b/operator/config/overlays/community/prometheus_service_monitor_patch.yaml index 47fdd4077486b..5e15729af4d7f 100644 --- a/operator/config/overlays/community/prometheus_service_monitor_patch.yaml +++ b/operator/config/overlays/community/prometheus_service_monitor_patch.yaml 
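Review bot: The `tlsConfig.ca.secret` entry in the community-openshift overlay reads `service-ca.crt` from `loki-operator-controller-manager-metrics-token`, a key that the Secret manifest in this series never sets. It presumably relies on the platform adding the service CA to service-account token Secrets; where that does not happen the key is absent and the endpoint has no CA to verify the server against. I would add a comment above `ca:` such as `# service-ca.crt is expected to be injected into the token Secret by OpenShift`, and confirm how the Prometheus operator treats a missing key. The openshift overlay and both generated ServiceMonitor manifests use the same reference.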
@@ -8,7 +8,7 @@ metadata: spec: endpoints: - path: /metrics - targetPort: 8443 + port: "8443" scheme: http interval: 30s scrapeTimeout: 10s diff --git a/operator/config/overlays/openshift/kustomization.yaml b/operator/config/overlays/openshift/kustomization.yaml index b6072ed7e5af9..cdd65f1cbeafc 100644 --- a/operator/config/overlays/openshift/kustomization.yaml +++ b/operator/config/overlays/openshift/kustomization.yaml @@ -5,7 +5,6 @@ resources: - ../../webhook - ../../prometheus - manager_metrics_secret_token.yaml -- manager_metrics_configmap_ca.yaml # Adds namespace to all resources. namespace: openshift-operators-redhat diff --git a/operator/config/overlays/openshift/manager_metrics_configmap_ca.yaml b/operator/config/overlays/openshift/manager_metrics_configmap_ca.yaml deleted file mode 100644 index 45ad7419c3090..0000000000000 --- a/operator/config/overlays/openshift/manager_metrics_configmap_ca.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - annotations: - service.beta.openshift.io/inject-cabundle: true - labels: - name: controller-manager-metrics-ca diff --git a/operator/config/overlays/openshift/prometheus_service_monitor_patch.yaml b/operator/config/overlays/openshift/prometheus_service_monitor_patch.yaml index 2aa5ea8f836a9..075be896df6e8 100644 --- a/operator/config/overlays/openshift/prometheus_service_monitor_patch.yaml +++ b/operator/config/overlays/openshift/prometheus_service_monitor_patch.yaml @@ -7,7 +7,7 @@ metadata: spec: endpoints: - path: /metrics - targetPort: 8443 + port: "8443" scheme: https interval: 30s scrapeTimeout: 10s @@ -18,7 +18,7 @@ spec: name: loki-operator-controller-manager-metrics-token tlsConfig: ca: - configMap: + secret: key: service-ca.crt - name: loki-operator-controller-manager-metrics-ca + name: loki-operator-controller-manager-metrics-token serverName: loki-operator-controller-manager-metrics-service.openshift-operators-redhat.svc 
From 8d40f2970e3529b857846ad43d612df3a6d18ba5 Mon Sep 17 00:00:00 2001 From: Periklis Tsirakidis Date: Wed, 13 Mar 2024 09:13:29 +0100 Subject: [PATCH 10/12] Move back to targetPort --- ...metrics-monitor_monitoring.coreos.com_v1_servicemonitor.yaml | 2 +- ...metrics-monitor_monitoring.coreos.com_v1_servicemonitor.yaml | 2 +- .../community-openshift/prometheus_service_monitor_patch.yaml | 2 +- .../overlays/community/prometheus_service_monitor_patch.yaml | 2 +- .../config/overlays/openshift/manager_related_image_patch.yaml | 1 + .../overlays/openshift/prometheus_service_monitor_patch.yaml | 2 +- 6 files changed, 6 insertions(+), 5 deletions(-) diff --git a/operator/bundle/community-openshift/manifests/loki-operator-metrics-monitor_monitoring.coreos.com_v1_servicemonitor.yaml b/operator/bundle/community-openshift/manifests/loki-operator-metrics-monitor_monitoring.coreos.com_v1_servicemonitor.yaml index 8f608044bfd01..0bcff7fd01cc6 100644 --- a/operator/bundle/community-openshift/manifests/loki-operator-metrics-monitor_monitoring.coreos.com_v1_servicemonitor.yaml +++ b/operator/bundle/community-openshift/manifests/loki-operator-metrics-monitor_monitoring.coreos.com_v1_servicemonitor.yaml @@ -18,9 +18,9 @@ spec: type: bearer interval: 30s path: /metrics - port: "8443" scheme: https scrapeTimeout: 10s + targetPort: 8443 tlsConfig: ca: secret: diff --git a/operator/bundle/openshift/manifests/loki-operator-metrics-monitor_monitoring.coreos.com_v1_servicemonitor.yaml b/operator/bundle/openshift/manifests/loki-operator-metrics-monitor_monitoring.coreos.com_v1_servicemonitor.yaml index 4d33183d97a82..0665ea907a0a7 100644 --- a/operator/bundle/openshift/manifests/loki-operator-metrics-monitor_monitoring.coreos.com_v1_servicemonitor.yaml +++ b/operator/bundle/openshift/manifests/loki-operator-metrics-monitor_monitoring.coreos.com_v1_servicemonitor.yaml 
@@ -18,9 +18,9 @@ spec: type: bearer interval: 30s path: /metrics - port: "8443" scheme: https scrapeTimeout: 10s + targetPort: 8443 tlsConfig: ca: secret: diff --git a/operator/config/overlays/community-openshift/prometheus_service_monitor_patch.yaml b/operator/config/overlays/community-openshift/prometheus_service_monitor_patch.yaml index 075be896df6e8..35d6b0362cd7c 100644 --- a/operator/config/overlays/community-openshift/prometheus_service_monitor_patch.yaml +++ b/operator/config/overlays/community-openshift/prometheus_service_monitor_patch.yaml @@ -7,7 +7,7 @@ metadata: spec: endpoints: - path: /metrics - port: "8443" + targetPort: 8443 scheme: https interval: 30s scrapeTimeout: 10s diff --git a/operator/config/overlays/community/prometheus_service_monitor_patch.yaml b/operator/config/overlays/community/prometheus_service_monitor_patch.yaml index 5e15729af4d7f..47fdd4077486b 100644 --- a/operator/config/overlays/community/prometheus_service_monitor_patch.yaml +++ b/operator/config/overlays/community/prometheus_service_monitor_patch.yaml @@ -8,7 +8,7 @@ metadata: spec: endpoints: - path: /metrics - port: "8443" + targetPort: 8443 scheme: http interval: 30s scrapeTimeout: 10s diff --git a/operator/config/overlays/openshift/manager_related_image_patch.yaml b/operator/config/overlays/openshift/manager_related_image_patch.yaml index 28c00163194a7..0511ba9b61b76 100644 --- a/operator/config/overlays/openshift/manager_related_image_patch.yaml +++ b/operator/config/overlays/openshift/manager_related_image_patch.yaml @@ -7,6 +7,7 @@ spec: spec: containers: - name: manager + imagePullPolicy: Always env: - name: RELATED_IMAGE_LOKI value: quay.io/openshift-logging/loki:v2.9.4 diff --git a/operator/config/overlays/openshift/prometheus_service_monitor_patch.yaml b/operator/config/overlays/openshift/prometheus_service_monitor_patch.yaml index 075be896df6e8..35d6b0362cd7c 100644 --- a/operator/config/overlays/openshift/prometheus_service_monitor_patch.yaml 
+++ b/operator/config/overlays/openshift/prometheus_service_monitor_patch.yaml @@ -7,7 +7,7 @@ metadata: spec: endpoints: - path: /metrics - port: "8443" + targetPort: 8443 scheme: https interval: 30s scrapeTimeout: 10s From fd62efad8e5d046d6923935a3021f1d1f9d58ba3 Mon Sep 17 00:00:00 2001 From: Periklis Tsirakidis Date: Wed, 13 Mar 2024 10:49:58 +0100 Subject: [PATCH 11/12] Remove imagePullPolicy Always --- .../manifests/loki-operator.clusterserviceversion.yaml | 2 +- .../manifests/loki-operator.clusterserviceversion.yaml | 2 +- .../manifests/loki-operator.clusterserviceversion.yaml | 2 +- .../config/overlays/openshift/manager_related_image_patch.yaml | 1 - 4 files changed, 3 insertions(+), 4 deletions(-) diff --git a/operator/bundle/community-openshift/manifests/loki-operator.clusterserviceversion.yaml b/operator/bundle/community-openshift/manifests/loki-operator.clusterserviceversion.yaml index 0d2890cb4704a..1304267322401 100644 --- a/operator/bundle/community-openshift/manifests/loki-operator.clusterserviceversion.yaml +++ b/operator/bundle/community-openshift/manifests/loki-operator.clusterserviceversion.yaml @@ -150,7 +150,7 @@ metadata: categories: OpenShift Optional, Logging & Tracing certified: "false" containerImage: docker.io/grafana/loki-operator:0.5.0 - createdAt: "2024-03-12T19:34:53Z" + createdAt: "2024-03-13T09:49:39Z" description: The Community Loki Operator provides Kubernetes native deployment and management of Loki and related logging components. features.operators.openshift.io/disconnected: "true" diff --git a/operator/bundle/community/manifests/loki-operator.clusterserviceversion.yaml b/operator/bundle/community/manifests/loki-operator.clusterserviceversion.yaml index c55f64ea881b7..30a97c96e2cdb 100644 --- a/operator/bundle/community/manifests/loki-operator.clusterserviceversion.yaml +++ b/operator/bundle/community/manifests/loki-operator.clusterserviceversion.yaml 
@@ -150,7 +150,7 @@ metadata: categories: OpenShift Optional, Logging & Tracing certified: "false" containerImage: docker.io/grafana/loki-operator:0.5.0 - createdAt: "2024-03-12T19:34:52Z" + createdAt: "2024-03-13T09:49:38Z" description: The Community Loki Operator provides Kubernetes native deployment and management of Loki and related logging components. operators.operatorframework.io/builder: operator-sdk-unknown diff --git a/operator/bundle/openshift/manifests/loki-operator.clusterserviceversion.yaml b/operator/bundle/openshift/manifests/loki-operator.clusterserviceversion.yaml index eb714d4e898a2..c3024c3f9a6ae 100644 --- a/operator/bundle/openshift/manifests/loki-operator.clusterserviceversion.yaml +++ b/operator/bundle/openshift/manifests/loki-operator.clusterserviceversion.yaml @@ -150,7 +150,7 @@ metadata: categories: OpenShift Optional, Logging & Tracing certified: "false" containerImage: quay.io/openshift-logging/loki-operator:0.1.0 - createdAt: "2024-03-12T19:34:55Z" + createdAt: "2024-03-13T09:49:40Z" description: | The Loki Operator for OCP provides a means for configuring and managing a Loki stack for cluster logging. ## Prerequisites and Requirements diff --git a/operator/config/overlays/openshift/manager_related_image_patch.yaml b/operator/config/overlays/openshift/manager_related_image_patch.yaml index 0511ba9b61b76..28c00163194a7 100644 --- a/operator/config/overlays/openshift/manager_related_image_patch.yaml +++ b/operator/config/overlays/openshift/manager_related_image_patch.yaml @@ -7,7 +7,6 @@ spec: spec: containers: - name: manager - imagePullPolicy: Always env: - name: RELATED_IMAGE_LOKI value: quay.io/openshift-logging/loki:v2.9.4 From 366f2e79b5025d38189cdee81e90c7355e7a4520 Mon Sep 17 00:00:00 2001 
From: Periklis Tsirakidis Date: Wed, 13 Mar 2024 10:53:32 +0100 Subject: [PATCH 12/12] Fix monitor server name for community-openshift bundle --- ...metrics-monitor_monitoring.coreos.com_v1_servicemonitor.yaml | 2 +- .../community-openshift/prometheus_service_monitor_patch.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/operator/bundle/community-openshift/manifests/loki-operator-metrics-monitor_monitoring.coreos.com_v1_servicemonitor.yaml b/operator/bundle/community-openshift/manifests/loki-operator-metrics-monitor_monitoring.coreos.com_v1_servicemonitor.yaml index 0bcff7fd01cc6..f5dd97d97f7f4 100644 --- a/operator/bundle/community-openshift/manifests/loki-operator-metrics-monitor_monitoring.coreos.com_v1_servicemonitor.yaml +++ b/operator/bundle/community-openshift/manifests/loki-operator-metrics-monitor_monitoring.coreos.com_v1_servicemonitor.yaml @@ -26,7 +26,7 @@ spec: secret: key: service-ca.crt name: loki-operator-controller-manager-metrics-token - serverName: loki-operator-controller-manager-metrics-service.openshift-operators-redhat.svc + serverName: loki-operator-controller-manager-metrics-service.kubernetes-operators.svc selector: matchLabels: app.kubernetes.io/name: loki-operator diff --git a/operator/config/overlays/community-openshift/prometheus_service_monitor_patch.yaml b/operator/config/overlays/community-openshift/prometheus_service_monitor_patch.yaml index 35d6b0362cd7c..7ece571465a0c 100644 --- a/operator/config/overlays/community-openshift/prometheus_service_monitor_patch.yaml +++ b/operator/config/overlays/community-openshift/prometheus_service_monitor_patch.yaml @@ -21,4 +21,4 @@ spec: secret: key: service-ca.crt name: loki-operator-controller-manager-metrics-token - serverName: loki-operator-controller-manager-metrics-service.openshift-operators-redhat.svc + serverName: loki-operator-controller-manager-metrics-service.kubernetes-operators.svc
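Review bot: The new `serverName: loki-operator-controller-manager-metrics-service.kubernetes-operators.svc` in the bundle ServiceMonitor hunk ties TLS hostname verification to one install namespace, and no comment says so. A service-ca serving certificate carries the `<service>.<namespace>.svc` name of the namespace the Service actually lives in, so installing the operator elsewhere makes every scrape fail the hostname check, and the tempting workaround is to switch verification off. I would add `# must equal <metrics-service>.<install-namespace>.svc, the name in the service-ca serving certificate` above the field. The same value is set in the `operator/config/overlays/community-openshift/prometheus_service_monitor_patch.yaml` hunk that follows, and the `tlsConfig` block starts outside both hunks.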