wip working setup for 4.19 - valid tls config

azych · azych · commit 8924ee884c41 · 2025-01-31T14:46:09.000+01:00
diff --git a/openshift/catalogd/kustomize/overlays/openshift/olmv1-ns/metrics/catalogd_servicemonitor.yaml b/openshift/catalogd/kustomize/overlays/openshift/olmv1-ns/metrics/catalogd_servicemonitor.yaml
@@ -15,11 +15,10 @@ spec:
       port: metrics
       scheme: https
       tlsConfig:
-        insecureSkipVerify: true
-        # caFile: /etc/prometheus/configmaps/serving-certs-ca-bundle/service-ca.crt
-        # certFile: /etc/prometheus/secrets/metrics-client-certs/tls.crt
-        # keyFile: /etc/prometheus/secrets/metrics-client-certs/tls.key
-        # serverName: catalogd-service.openshift-catalogd.svc
+        caFile: /etc/prometheus/configmaps/serving-certs-ca-bundle/service-ca.crt
+        certFile: /etc/prometheus/secrets/metrics-client-certs/tls.crt
+        keyFile: /etc/prometheus/secrets/metrics-client-certs/tls.key
+        serverName: catalogd-service.openshift-catalogd.svc
   namespaceSelector:
     matchNames:
       - openshift-catalogd
diff --git a/openshift/catalogd/manifests/11-rolebinding-openshift-config-catalogd-manager-rolebinding.yml b/openshift/catalogd/manifests/11-rolebinding-openshift-config-catalogd-manager-rolebinding.yml
@@ -13,5 +13,5 @@ roleRef:
   name: catalogd-manager-role
 subjects:
   - kind: ServiceAccount
-    name: controller-manager
+    name: catalogd-controller-manager
     namespace: openshift-catalogd
diff --git a/openshift/catalogd/manifests/17-servicemonitor-openshift-catalogd-catalogd-metrics-monitor.yml b/openshift/catalogd/manifests/17-servicemonitor-openshift-catalogd-catalogd-metrics-monitor.yml
@@ -16,7 +16,10 @@ spec:
       port: metrics
       scheme: https
       tlsConfig:
-        insecureSkipVerify: true
+        caFile: /etc/prometheus/configmaps/serving-certs-ca-bundle/service-ca.crt
+        certFile: /etc/prometheus/secrets/metrics-client-certs/tls.crt
+        keyFile: /etc/prometheus/secrets/metrics-client-certs/tls.key
+        serverName: catalogd-service.openshift-catalogd.svc
   namespaceSelector:
     matchNames:
       - openshift-catalogd
diff --git a/openshift/operator-controller/kustomize/overlays/openshift/olmv1-ns/metrics/operator_controller_servicemonitor.yaml b/openshift/operator-controller/kustomize/overlays/openshift/olmv1-ns/metrics/operator_controller_servicemonitor.yaml
@@ -14,7 +14,10 @@ spec:
       port: https
       scheme: https
       tlsConfig:
-        insecureSkipVerify: true
+        caFile: /etc/prometheus/configmaps/serving-certs-ca-bundle/service-ca.crt
+        certFile: /etc/prometheus/secrets/metrics-client-certs/tls.crt
+        keyFile: /etc/prometheus/secrets/metrics-client-certs/tls.key
+        serverName: operator-controller-service.openshift-operator-controller.svc
   namespaceSelector:
     matchNames:
       - openshift-operator-controller
diff --git a/openshift/operator-controller/manifests/23-servicemonitor-openshift-operator-controller-operator-controller-metrics-monitor.yml b/openshift/operator-controller/manifests/23-servicemonitor-openshift-operator-controller-operator-controller-metrics-monitor.yml
@@ -15,7 +15,10 @@ spec:
       port: https
       scheme: https
       tlsConfig:
-        insecureSkipVerify: true
+        caFile: /etc/prometheus/configmaps/serving-certs-ca-bundle/service-ca.crt
+        certFile: /etc/prometheus/secrets/metrics-client-certs/tls.crt
+        keyFile: /etc/prometheus/secrets/metrics-client-certs/tls.key
+        serverName: operator-controller-service.openshift-operator-controller.svc
   namespaceSelector:
     matchNames:
       - openshift-operator-controller
